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REISSUE PATENT APPLICATION TRANSMITTAL 



Addressed to: 

Assistant Commissioner for Patents 
Box: Reissue 
Washington, DC 20231 



Docket No. 



First Named Inventor 



Original Patent No. 



Original Patent Date 



Express Mail No. 



20206-014(PT-TA-410) 



COLLINS 



5,848,159 



o 

H 



December 8, 1998 siQ 



^ — ^ 
qsCT 



APPLICATION FOR REISSUE OF: 



Utility Patent □ Design Patent □ Plant Patent 



o 



APPLICATION ELEMENTS (37 CFR 1.173) 



ACCOMPANYING APPLICATION PARTS 



1. ^ Fee Transmittal Form (PTO/SB/56) 

2. Q Applicant claims small entity status. See CFR 37 1.27. 

3- ^® Specification and Claims in double column copy of patent 

^ J format (amended, if appropriate) 

4. % Drawing(s) (proposed amendments, if appropriate) 
. 2 ^ Transfer drawings jQrom original patent file 

5. f Reissue Oath/Declaration (original or copy) 
, ' ' (37 C.F.R. § 1.175) (PTO/SB/51 or 52) 

6. 1 ^Original U.S. Patent currently assigned 

H S Yes □ No 

1 3^ Written Consent of all Assignees (PTO/SB/53) 

^ 37 C.F.R. § 3.73(b) Statement (PTO/SB/96) 

^ Power of Attorney 



7. ^ Statement of Status/Support for all changes to the 

claims embedded in the remarks of the preliminary 
amendment. See 37 CFR 1.173(c). 

8. □ Origmal U.S. Patent for Surrender 

Q Ribboned Original Patent Grant 
□ Statement of Loss (PTO/SB/55) 

9. □ Foreign Priority Claim (35 U.S.C. 119) if applicable 

10. ^ Information Disclosure Statement (IDS)/PTO- 1449 

^ Copies of IDS Citations 

1 1 . □ English Translation of Reissue Oath/Declaration 

12. ^ Preliminary Amendment 

13. Return Receipt Postcard (MPEP 503) 

14. Other: Petition for Waiver under 1.183 



15. CORRESPONDENCE ADDRESS 



Customer Number 25696 



or 1^ Correspondence address below 



Name 



Oppenheimer Wolff & Donnelly LLP 



Address 



1400 Page Mill Rd. 



City 



Palo Alto 



State 



California 



Zip Code 



94303 



Country 



USA 



Telephone 



(650) 320-4000 



Fax 



(650) 320-4100 



Name 



LEAH SHERRY 



Registration No. 



43,918 



Signature 




Date 



/O IZo I 
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REISSUE APPLICATION FEE TRANSMITTAL FORM 



Docket Number: 20206-0 14(PT-TA-4 1 0) 
Patent: 5,848,159 



Claims as Filed - Part 1 



Claims in Patent 



Number filed in 
Reissue Application 



(3) 

Number Extra 



Small Entity 



Rate 



Fee 



Other than Small Entity 



Rate 



Fee 



(A) 13 



Total Claims 
(37 CFR 1.16a)) 



(B) 61 



x$_ 



x$ 18.00 



S864.Q0 



(C) 8 



Independent Claims 
(37CFR1.16(i)) 



(D) 20 



- 12 



x$_ 



xS SO.OO 



S960.00 



Basic Fee (37 CFR 1.16(h)) $710.00 



Total Filing Fee $ 2.534.00 



OR 



Claims as Amended - Part 2 



a) 

Claims Remammg 
After Amendment 



(2) 

Highest Number 
Previously Paid For 



(3) 

Extra Claims 
Present 



Small Entity 



Rate 



Fee 



Other than a Small 
Entity 



Rate 



Fee 



ToffiClaims 
(3fJFR 1.160)) 



x$ 0 



13 



MINUS 



20 



x$_ 



Indej^endent 
Clmhs (37 CFR 
l.llS^)) 



x$ 0 



MINUS 



x$_ 



Total Additional Fee 



OR 



$0 



i. ..,1 



if the entry in (D) is less than the entry in (C), Write "0" in column 3. 

If the "Highest Number of Total Claims Previously Paid For" is less than 20, write "20" in this space. 
After any cancellation of claims. 

If "A" is greater than 20, use (B-A); if "A" is 20 or less, use (B-20). 

Highest Number of Independent Claims Previously Paid For" or Number of Independent Claims in Patent (C). 



Applicant claims small entity status. See 37 CFR 1 .27. 

Q Please charge Deposit Account No. 02-3964 in the amount of $ : 

A duplicate copy of this sheet is enclosed for this purpose. 

^ The Commissioner if hereby authorized to charge any additional fees under 37 CFR 1.16 or 1.17 which may be required, or 
credit any overpayments to Deposit Account No. 02-3964 . 

* A duplicate copy of this sheet is enclosed for this purpose. 

^ A check in the amount of $ 2,664.00 . to cover the filing fee and petition fee under 1 .17(h), is enclosed, 
n Payment by credit card. Form PTO-2038 is attached. 



WARNING; Information on this form may become public. Credit card information should not 
be included on this form. Provide credit card information and authorization on PTO-2038 



Date 




Leah Sherry, Registration No. 43,918 
Attorney for Patentee 



SV: 108812 vOl 10/13/2000 



IN THE UNITED STATES PATENTS AND TRADEMARK OFFICE 



Applicant: COLLINS et al. Attorney Docket No.: 20206-00 14(PT-TA"4 10) 

Patent No.: 5,848,159 ' ? 

Issued: Decembers, 1998 

For: "PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD" 3^ 

a 
1^ 

CERTIFICATE UNDER 37 CFR 3.73(b) 

I. Compaq Computer Corporation^ a Delaware corporation, certifies that it is the assignee of the 
entire right, title, and interest in the patent application identified above by virtue of a chain of title firom 
the inventors of the patent application identified above, to the current assignee as shown below: 

1 . From: Thomas Collins, Dale Hopkins, Susan Langford and Michael Sabin 
1 To: Tandem Computers Incorporated 

^ The document was recorded in the Patent and Trademark Office on May 7, 1997 as 

J Reel and Frame # 8542/0875. 

2. From: Tandem Computers Incorporated 
To: Compaq Computer Corporation 

The document was recorded in the Patent and Trademark Office on October 12, 2000, a 
copy of which is attached, 

II. The undersigned is empowered to sign this certificate on behalf of the assignee. 




Date: N^CT ^ 

Theodore S. Park 
Senior Counsel, Intellectual Property 

Compaq Computer Corporation 
P.O. Box 692000 
Houston, TX 7707-2698 
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REISSUE APPLICATION BY THE INVENTOR(S), 
OFFER TO SURRENDER PATENT 



Docket Number: 20206-0 14(PT-TA-4 10) 
Patent: 5,848,159 



vo 



This is part of the application for a reissue patent based on the original patent identified below. 



Name of Patentee(s) 



Patent Number 



Thomas Collins, Dale Hopkins, Susan Langford, Micahel Sabin 



u 



5,848,159 



Date Patent Issued 



December 8, 1998 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



I am the 

□ inventor (if only one name is listed herein) of the original patent. 
13 joint inventor (if plural names are listed herein) of the original patent. 
I afl^r to surrender the original patent. 

1 . [ ri ^ Filed herein is a certificate under 37 CFR 3.73(b). 

2. Is □ Ownership of the patent is in the inventor(s), and no assignment of the patent has been made. 
Om^ of boxes 1 or 2 above must be checked. 

tA written consent of all assignees ownmg an undivided interest m the original patent is inchided in this appHcation for 
refSfue. 



Signature 



Date: 



Typed or printed name: 



Thomas Collins 



Signature 



Date: 



Typed or printed name: 



Dale Hopkins 



Signature 



Date: 



Typed or printed name: 



Susan Langford 



Signature 



Date: 



Typed or printed name: 



Michael Sabin 



The assignee owning an undivided interest in said original patent is Compaq Computer Corporation , and the assignee 
consents to the accompanying appHcation for reissue. 
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I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and forther that these statements were made with the knowledge that willful 
false statements and the like so made are punishable by fine or imprisonment, or both, under 18U.S.C. 1001 and that suck 
willful false statements may jeopardize the validity of the apphcation, any patent issued thereon, or any patent to which 
this declaration is directed. 


Name of Assignee 


Compaq Computer Corporation 


Signature of Person Signing 
for the Assignee 




Type/printed name and title of 
person signing for assignee 


Theodore S. Park, Senior Intellectual Property Counsel 
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CONSENT OF ASSIGNEE TO REISSUE 
APPLICATION 



Docket Number: 20206-0 14(PT-TA-4 10) 



This is part of the application for a reissue patent based on the original patent identified below. 



Name of 
Patentee(s): 



COLLINS et al. 



Patent Number: 



5,848,159 



Patent Issued 



Decembers, 1998 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



As an authorized agent empowered to act on behalf of Compaq Computer Corporation , the assignee of 
the entire interest in the original patent, I hereby consent to the filing of the present appUcation for 
^ reissue of the original patent. 

3 A certificate under 37 CFR(b) is attached. 



I hereby declare that all statements made herein of my own knowledge are true and that all statements 
made on information and belief are believed to be true; and further that these statements were made 
with the knowledge that willful false statements and the like so made are pimishable by fine or 
imprisonment, or both, under 18 U.S. C. 1001 and that such willfial false statements may jeopardize the 
validity of the application, any patent issued thereon, or any patent to which this declaration is 
directed. 



Name of Assignee 



Compaq Computer Corporation 




Signature of Person 
Signing for Assignee 



Printed name and title of 
person signing for assignee 



Theodore S. Park, Counsel 
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REISSUE APPLICATION BY THE INVENTOR(S), 
OFFER TO SURRENDER PATENT 



Docket Number: 20206-014(PT-TA-410) 
Patent: 5,848,159 



This is part of the application for a reissue patent based on the original patent identified below. 



Name of Patentee(s) 



Patent Number 



Thomas Collins, Dale Hopkins, Susan Langford, Michael Sabin 



vo 



=CM 



5,848,159 



Date Patent Issued 



Decemba 8, 1998 go = 3 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



I am the 

□ inventor (if only one name is listed herein) of tlie original patent. 
13 joint inventor (if plural names are listed herein) of the original patent, 
I Slfer to surrender the original patent. 

1|; ri ^ Hied herein is a certificate under 37 CFR 3.73(b). 

£ i □ Ownership of the patent is in the inventor(s), and no assignment of the patent has been made. 
Qme of boxes 1 or 2 above must be checked. 

^ written consent of all assignees owning an undivided interest in the original patent is included in this appUcation for 
reissue. 



Signature 



Date: 



Typed or printed name: 



Thomas Collins 



Signature 



Date: 



Typed or printed name: 



Dale Hopkins 



Signature 



Date: 



Typed or printed name: ^ Susan l/agford 



Signature 



Date: 



Typed or printed name: 



Michael Sabin 



The assignee owning an undivided interest in said original patent is Compaq Computer Corporation, and the assignee 
consents to the accompanying application for reissue. 
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I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are beUeved to be true; and further that these statements were made with the knowledge that willful 
false statements and the like so made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that suck 
willfiil false statements may jeopardize the validity of the application, any patent issued thereon, or any patent to which 
this declaration is directed. 


Name of Assignee 


Compaq Computer Corporation 


Signature of Person Signing 
for the Assignee 




Type/printed name and title of 
person signing for assignee 


Theodore S. Park, Senior Intellectual Property Counsel 
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REISSUE APPLICATION BY THE INVENTOR(S), 
OFFER TO SURRENDER PATENT 



Docket Number: 20206-014(PT-TA-410) 
Patent: 5.848>159 



This is part of the application for a reissue patent based on the original patent identified below. 



Name of Patentee(s) 



Patent Number 



Thomas Collins, Dale Hopkins, Susan Langford, Michael Sabin 



5,848,159 



Date Patent Issued 



Decembo- 8, 1998 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



I am the 

□ inventor (if only one name is listed herein) of the original patent. 
^ joint inventor (if plural names are Hsted herein) of the original patent. 
I p|fer to surrender the original patent. 

1 r f{ [3 Filed herein is a certificate under 37 CFR 3.73(b), 

i: i □ Ownership of the patent is in the inventor(s), and no assignment of the patetit has been made. 
One of boxes 1 or 2 above must be checked. 



t|| written consent of all assignees owning an undivided interest in the original patent is inchided in this application for 
rlilsue. 



Sgnature 



Date: 



T^ed or printed name: 



Thomas Collins 



Signature 



Date: 



Typed or printed name: 



Dale Hopkins 



Signature 



Date: 



Typed or printed name: 



Susan Langford 



Signature 



Typed or printed name: 



Mic 



Date: 



20 dCT "^006 



ichael Sabin 



The assignee owning an undivided interest in said original patent is Compaq Computer Corporation, and the assignee 
consents to the accompanying application for reissue. 
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I hereby declarifthat m statements made herein of my own knowledge are true and that all statements made on 
information and belief are beUeved to be true; and further that these statements were made with the knowledge that willful 

false statements and the Uke so made are punishable by fine or impnsonment, or both, under 18 U.S.C. 1001 and that sucic 
willful false statements may jeopardize the vaUdity of the application, any patent issued thereon, or any patent to which 
this declaration is directed. 


Name of Assignee 


Compaq Computer Corporation 


Signature of Person Signing 
for the Assignee 




Type/printed name and title of 
person signing for assignee 


Theodore S. Park, Senior Intellectual Property Counsel 
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Attorney Docket No.: 20206-14 (PT-TA-410) 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



Attorney Docket No. 20206-014(PT-TA-41 0) 

Inventors: Collins et al. 

Patent No. 5,848,159 

Issued: December 8, 1998 

For: PUBLIC KEY CRYPTOGRAPfflC 
APPARATUS AND METHOD 



Assistant Commissioner for Patents 
Box: Reissue 
Washington, D.C. 20231 



CERTIFICATE OF MAILING 
I hereby certify that this paper (along with any paper referred 
to as being attached or enclosed) is being deposited with the 
United States Postal Service as Express Mail No. 
EL655031318US addressed to: Assistant Commissioner for 
Patents, Box: DAC, Washington, DC, 20231 on October 19, 
2000 , r\ ^ 




REISSUE APPLICATION PRELIMINARY AMENDMENT 

Sir: 

In conjunction with the filing of a Reissue Application, please amend the specification of 
the above-mentioned U.S. Patent and consider the remarks as hereafter provided: 

In the Specification other than Claims: 

Replace the paragraph beginning at column (hereafter "col") 1, line 4 with the 
ft)llowing: 

This application claims the benefit of U.S. Provisional Application No. 
60/033,271 for PUBLIC KEY CRYTOGRAPHIC APPARATUS AND METHOD, filed 
Dec. 9, 1996, naming as inventors, Thomas [Colins] Collins . Dale Hopkins, Susan 
Langford and [Michale] Michael Sabin, the [discolsure] disclosure of which is 
incorporated by reference. 



Replace the paragraph beginning at col. 1, line 64 with the following: 

The RSA scheme capitalizes on the relative ease of creating a composite number 
from the product of two prime numbers whereas the attempt to factor the composite 
number into its constituent primes is difficult. The RSA scheme uses a public key E 
comprismg a pair of positive integers n and e, where n is a composite number of the form 
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Attorney Docket No.: 20206-14 (PT-TA-410) 

n^p^q (1) 

where p and q are different prime numbers, and e is a number relatively prime to (p-1) 
and (q-1); that is, e is relatively prime to (p-1) or (q-1) if e has no factors in common with 
either of them. Importantly, the sender has access to n and e, but not to p and q. The 
message M is a number representative of a message to be transmitted wherein 

0<M<nA. (2) 

The sender enciphers M to create ciphertext C by computing the exponential 

[C=M'(mod n)\ C^M'imoAnX (3) 



Replace the paragraph beginning at col 2, line 19 with the following: 

The recipient of the ciphertext C retrieves the message M using a (private) 
decoding key comprising a pair of positive integers d and n, employing the relation 

[M=C^ (mod n)} C^AfVod (4) 

As used in (4), above, d is a multiplicative inverse of 

e(mod(lcm((p-l),(^-l)))) (5) 

so that 

[e- J=l(mod(icm((p-l), (?-l))))] e-d^ Umodacm(fa-l\ (^-1)))) (6) 

where lcm((p-l), (q-1)) is the least common multiple of numbers p-1 and q-1. Most 
commercial implementations of RSA employ a different, although equivalent, 
relationship for obtaining d: 

[d^e^ mod(p-l) (9-1)] d^e'^ mod((p-lV(cf-n) . (7) 

This alternate relationship simplifies computer processing. 



Replace the paragraph beginning at col 3, line 23 with the following: 
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It is still another object of this invention to provide a system and method for 
implementing an RS A scheme in which the [components] factors of n do not increase in 
length as n increases in length. 

Replace the paragraph beginning at col 3, line 27 with the following: 

It is still another object to provide a system and method for utilizing multiple 
(more than two), distinct prime number [components] factors to create n. 

Replace the paragraph beginning at col 3, line 36 with the following: 

The present invention discloses a method and apparatus for increasing the 
computational speed of RSA and related pubhc key schemes by focusing on a neglected 
area of computation inefficiency. Instead of n=p-q, as is universal in the prior art, the 
present invention discloses a method and apparatus wherein n is developed from three or 
more distinct random prime numbers; i.e., n=pi'p2 . .-pk, where k is an integer greater 
than 2 and pi, pi,. . . pk are sufficiently large distinct random primes. Preferably, 
"sufficiently large primes" are prime numbers that are numbers approximately 150 digits 
long or larger. The advantages of the invention over the prior art should be immediately 
apparent to those skilled in this art. If, as in the prior art, p and q are each on the order of, 
say, 150 digits long, then n will be on the order of 300 digits long. However, three primes 
pi, p2 and p3 employed in accordance with the present invention can each be on the order 
of 100 digits long and still result in n being 300 digits long. Finding and verifying 3 
distinct primes, each 100 digits long, requires significantly fewer computational cycles 
than finding and verifying 2 primes each 150 digits long. 

Replace the paragraph beginning at col 3, line 56 with the following: 

The commercial need for longer and longer primes shows no evidence of slowing; 
already there are projected requirements for n of about 600 digits long to forestall 
incremental improvements in factoring techniques and the ever faster computers available 
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to break ciphertext. The invention, allowing 4 primes each about 150 digits long to obtain 
a 600 digit n, instead of two primes about [350] 300 digits long, results in a marked 
improvement in computer performance. For, not only are primes that are 150 digits in 
size easier to find and verify than ones on the order of [350] 300 digits, but by applying 
techniques the inventors derive from the Chinese Remainder Theorem (CRT), public key 
cryptography calculations for encryption and decryption are completed much faster-even 
if performed serially on a single processor system. However, the inventors' techniques are 
particularly adapted to [be] advantageously apply [enable] RSA public key cryptographic 
operations to parallel computer processing. 

Replace the paragraph beginning at col. 4, line 6 with the following: 

The present invention is capable of [using] extenduig the RSA scheme to perform 
encryption and decryption operation using a large (many digit) n much faster than 
heretofore possible. Other advantages of the invention include its employment for 
decryption without the need to revise the RSA public key encryption transformation 
scheme currently in use on thousands of large and small computers. 

Replace the paragraph beginning at col 4, line 13 with the following: 

A key assumption of the present invention is that n, composed of 3 or more 
sufficiently large distinct prime numbers, is no easier (or not very much easier) to factor 
than the prior art, two prime number n. The assumption is based on the observation that 
there is no indication in the prior art literature that it is "easy" to factor a product 
consisting of more than two sufficiently large, distinct prime numbers. This assumption 
may be justified given the continued effort (and failure) among experts to find a way 
"easily" to break large [component] composite numbers into their large prime factors. 
This assumption is similar, in the mventors' view, to the assumption underlying the entire 
field of public key cryptography that factoring composite numbers made up of two 
distinct primes is not "easy." That is, the entire field of public key cryptography is based 
not on mathematical proof, but on the assumption that the empirical evidence of failed 
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sustained efforts to find a way systematically to solve NP problems in polynomial time 
indicates that these problems truly are "difficult." 

Replace the paragraph beginning at col. 4, line 32 with the following: 

The invention is preferably implemented in a system that employs parallel 
operations to perform the encryption, decryption operations required by the RSA scheme. 
Thus, there is also disclosed a cryptosystem that includes a central processor unit (CPU) 
coupled to a number of exponentiator elements. The exponentiator elements are special 
purpose arithmetic units designed and structured to be provided message data M, an 
encryption key e, and a number n (where [n=pi *p2 * . . . Pk] rv=pvpi' , . ,-pu k being 
greater than 2) and return ciphertext C according to the relationship, 

[C-M' (mod(n))] C^MUmod n\ 

Replace the paragraph beginning at col 4, line 45 with the following: 

Alternatively, the exponentiator elements may be provided the ciphertext C, a 
decryption (private) key d and n to return M according to the relationship, 

[M=C^ (mod(n))] M=cUmodn\ 

Replace the paragraph beginning at col 4, line 50 with the following: 

According to this decryption aspect of the invention, the CPU receives a task, 
such as the requirement to decrypt [cyphertext] ciphertext data C. The CPU will also be 
provided, or have available, a [public] private key [e] d and n, and the factors of n (pi, p2, 
, . . p^). The CPU breaks the [encryption] decryption task down into a number of sub- 
tasks, and delivers the sub-tasks to the exponentiator elements. [When the] The results of 
the sub-tasks are returned by the exponentiator elements to the CPU which [will], using a 
form of the CRT, combines the results to obtain the message data M. An encryption task 
may be performed essentially in the same manner by the CPU and its use of the 
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exponentiator elements. However, usually the factors of n are not available to the sender 
(encryptor), only the public key, e and n, so that no sub-tasks are created. 

Before the paragraph beginning at col. 5, line 52, insert the following paragraph: 

Alternatively, a message data M can be encoded with the private key to a signed 
messa ge data M, using a relationsh ip of the form 

M, sM''(mod«)^ 

The message data M can he reproduce from the signe d message data Ms by decoding the 
signed data with the public kev. using a relatio nship of the form 

M = M/(modn). 



Replace the paragraph beginning at col 5, line 30 with the following: 

According to the present invention, the public key portion e is picked. Then, three 
or more random large, distinct prime numbers, pi, p2, • • • , Pk are developed and checked 
to ensure that each (pA) is relatively prime to e. Preferably, the prime numbers are of 
equal length. Then, the product [n=pi, p2, • - • , pk] t^i£2' ■■•Pi '^^ computed. 

Replace the paragraph beginning at col 5, line 36 with the following: 

Finally, the decryption [key] exponent, d, is established by the relationship: 

[d=e^ mod ((pi -1) (P2 -1) . . • (Pk -1))] mod ((pi -\)(pi -!)• . . APk^ 
\y). or equivalentlv 

ds e^ mod (lcm((p . -11 Tp^ -n. • ■ • Cpv -l^^') 

Replace the paragraph beginning at col. 5, line 41 with the following: 
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The message data, M is encrypted to ciphertext C using the relationship of (3), 
above, i.e., 

[C=M^ mod «.] C=MUmodn) 

Replace the paragraph beginning at col. 5, line 46 with the following: 

To decrypt the ciphertext, C, the relationship of [(3)] (4}, above, is used: 
[M^C^ mod n] M=C'^ (mod n) 
where n and d are those values identified above. 

Replace the paragraph beginning at col. 5, line 52 with the following: 

Using the present invention involving three primes to develop the product n, RSA 
encryption and decryption time can be substantially less than an RSA scheme using two 
primes by dividing the encryption or decryption task into sub-tasks, one sub-task for each 
distinct prime. (However, breaking the encryption or decryption into subtasks requires 
knowledge of the factors of n. This knowledge is not usually available to anyone except 
the owner of the key, so the encryption process can be accelerated only in special cases, 
such as encryption for local storage. A system encrypting data for another user performs 
the encryption process according to (3), independent of the number of factors of n. 
Decryption, on the other hand, is performed by the owner of a key, so the factors of n are 
generally known and can be used to accelerate the process.) For example, assume that 
three distinct primes, pi, P2, and pa, are used to develop the product n. Thus, decryption of 
the ciphertext, C, using the relationship 

[M=C'' (mod n)] AfeC^fmodw) 

is used to develop the decryption sub-tasks: 

[Ml =Ci^' mod /7i] M^^C /Vmodpi) 

[Ml =C/' mod pi] Mi =C,^ (mod Do) 

[Ms =C3* mod p{\ Mi=C/lSm^ 
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where 

[Ci =Cmod pi;] Ci^=Cimod£i); 
[C2 =Cmodp2;] C2 =C(modD2) : 
[C3 =Cmod ;73 ;] Cx = C (mod Pi) : 
[di =dm.od (pi-l)] di sd (mod (di-\Ti : 
[di =dmod (p2 -1)] d2 ^ d (mod (m -D) : and 
[d3 =dmod (p3 -1)] d i = d (mod (Pi-D) . 

Replace the paragraph beginning at col. 6, line 24 with the following: 

The results of each sub-task, Mi, M2, and M3 can be combined to produce the 
plaintext, M, by a number of techniques. However, it is found that they can most 
expeditiously be combined by a form of the Chinese Remainder Theorem (CRT) using, 
preferably, a recvirsive scheme. Generally, the plaintext M is obtained from the 
combination of the individual sub-tasks by the following relationship: 

1) (wf^ mod pi)mod pi]-Wi mod «] 

where [i >2] 2< i <k where k is the number of prime factors of n. and 
M=Yk Fi=Ci, and wr JJ PJ 

Encryption is performed in much the same manner as that used to obtain the plaintext M, 
provided (as noted above) the factors of n are available. Thus, the relationship 

[C=M' (mod nj\ C=MUmodn\ 

can be broken down mto the three sub-tasks, 

[Ci =M{' mod /Ji] Ci = M,"' (mod p^ ) , 
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[C2 =M2^ mod/72] C2 = M/^ (mod ) 
[C5 ^Ms'' mod p5] C3 = M,'' (mod ;73), 

where 

[Ml =M(mod px)} M\ _ = M (mod p \\ 
[Ml =M(mod p2j\ Mi^M (mod P2) . 
[M3 =M(mod /?3)] M i = M (mod p%} . 
[e\ =emod (p\ -1)] e i^emod(pi A\ 
[ei =emod (f 2 -1)] £2.=^jaQd_(^j4},.and 
[^3 =emod (p3 -1)] g 2 = ^"^Q^^P2'l^' 

Replace the paragraph beginning at col 6, line 65 with the following: 

In generalized form, the ciphertext C (i.e., [decrypted] encrypted message M} can 
be obtained by [the same summation] a recursive scheme as identified above to obtain the 
ciphertext C from its contiguous constituent sub-tasks Q. 

Replace the paragraph beginning at col 7, line 1 with the following: 

Preferably, the recursive CRT method described above is used to obtain either the 
ciphertext[,] C[,] or the deciphered plaintext (message) M due to its speed. However, 
there may be [occasions] implementations when it is beneficial to use a non-recursive 
technique in which case the following relationships are used: 

k k 

M= y Mi (w{^ (mod p\)\ wi (mod n) [M = ^ M {^i mod /?/) Wi mod 

n] 

where 
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[Wi = Yl Pj\ ^i^H 
k is the number (3 or more) of distinct primes chosen to develop the product n. 

Replace the paragraph beginning at col 7, line 1 7 with the following: 

Thus, for example above (k=3), M is constructed from the returned sub-task 
values Ml, Mi, M3 by the relationship 

[M=Mi {w\^ mod p\) w\ mod/w+Mi {wi^ mod pi) W2 mod n + 

Ms (ws'^ mod ps) ws mod n] M= Mj jw f^ (mod p ] ))- w \ _ (mod n) 

+ Ml (wf^ (mod pj))* Wr (mod r(\ 

4- Ml (w<} (mod p^))' wi (mod rt\ 

where 

>vi ^pi ps, wi =pi PS, and ws ^p\ pi^ 

Replace the paragraph beginning at col 7, line 52 with the following: 

The I/O bus 30 communicatively connects the CPU to a number of exponentiator 
elements [32a, 32b, and 32r] 32a. 32b and 32c . Shown here are three exponentiator 
elements, although as illustrated by the "other" exponentiators [32n]32n, additional 
exponentiator elements can be added. Each exponentiator element is a state machine 
controlled arithmetic circuit structured specifically to implement the relationship 
described above. Thus, for example, the exponentiator 32a would be provided the values 
Ml, ei, and pi[, n] to develop C\. Similarly, the exponentiator circuits 32b and 32c 
develop C2 and C3 from corresponding subtask values M2, e2, [P2]E2? M3, es, and [Pslps. 

Replace the paragraph beginning at col 8, line 1 with the following: 
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In order to ensure a secure environment, it is preferable that the cryptosystem 10 
meet the Federal Information [Protection System] Processing Standard (FIPS) 140-1 level 
3. Accordingly, the elements that make up the CPU 14 would be implemented in a design 
that will be secure from external probing of the circuit. However, mformation 
communicated on the I/O bus 30 between the CPU 14 and the exponentiator circuits 32 
(and external memory 34-if present) is exposed. Consequently, to maintain the security 
of that information, it is first encrypted by the DBS unit 24 before it is placed on the I/O 
bus 30 by the CPU 14. The exponentiator circuits 32, as well as the external memory 34, 
will also include similar DBS units to decrypt information received from the CPU, and 
later to encrypt information returned to the CPU 14. 

Replace the paragraph beginning at col. 8, line 52 with the following: 

In similar fashion, mformation is conveyed to or retrieved from the exponentiators 
32 by the processor 20 by write or read operations at addresses within the address range 
44. Consequently, writes to the exponentiators 32 will use the DBS unit 24 to encrypt the 
information. When that (encrypted) mformation is received by the exponentiators 32, it is 
decrypted by on-board DBS units (of each exponentiator 32). The result[s] of the task 
performed by the exponentiator 32 is then encrypted by the exponentiator's on-board 
DBS unit, retrieved by the processor 20 in encrypted form and then decrypted by the DBS 
unit 24. 

Replace the paragraph beginning at col. 9, line 24 with the following: 

Assume, for the purpose of the remainder of this discussion, that the 
encryption/decryption tasks performed by the cryptosystem 10, using the present 
invention, employs only three distinct primes, pi, p2, ps- The processor 20 will develop 
the sub tasks identified above, using M, e, pi P2, Ps Thus, for example, if the 
exponentiator 32a were assigned the sub-task of developing Ci, the processor would 
develop the values Mi[,] Mid ei[, and (pi -1)] and deliver [units] (write) these values, with 
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[n]ph to the exponentiator 32a. Similar values will be developed by the processor 20 for 
the sub-tasks that will be delivered to the exponentiators 32b and 32c. 

Replace the paragraph beginning at col 10, line 15 with the following: 

Alternatively, the [post]host-system 50 may desire to deliver, via the 
communication medium 60, an encrypted communication to one of the stations 64. If the 
communication is to be encrypted by the DES scheme, with the DES key encrypted by 
the RSA scheme, the host system would encrypt the commimication, forward the DES 
key to one of the cryptosy stems 10 for encryption via the RSA scheme. When the 
encrypted DES key is received back from the cryptosystem 10, the host system can then 
deliver to one or more of the stations 64 the encrypted message. 

Replace the paragraph beginning at col 10, line 25 with the following: 

Of course, the host system 50 and the stations 64 will be using the RSA scheme of 
public key encryption/decryption. Encrypted communications from the stations 64 to the 
host system 50 require that the stations 64 have access to the public key [E (E, N)] E^ 
n} while the host system maintains the private key [D (D, N,] D=rd. n) and the constituent 
primes, pi, p2, . . . , Pk). Conversely, for secure communication from the host system 50 to 
one or more of the stations 64, the host system would retain a public key E' for each 
station 64, while the stations retain the corresponding private keys [E] D^. 

Replace the paragraph beginning at col 10, line 35 with the following: 

Other techniques for encrypting the communication could used. For example, the 
communication could be entirely encrypted by the RSA scheme. If, however, the 
message to be communicated[ion] is represented bv a numerical value greater than n-1, it 
v^U need to be broken up into blocks size M where 

[0<M<N-1] 0<M<n'l . 
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In the Claims 

Amend claims 1-13 (followin2 the format of the claims as presented herein, including 
insertion of new lines and indentations where applicable), and add new claims M-dl as follows: 

1. (Amended) A method [for establishing] of processing a message for use in cryptographic 
communications comprising the steps of: 

developing a composite number, n. as a product ofv vVj ', . . .pv wh ere k is an integer greater 
than 2. and pu p? pj. are distinct random prime numbers: and 

encoding a plaintext message word signal M to a ciphertext word signal C, where M corresponds 
to a number representative of [a] Ae message and 

0<M<n-\^ 

[n being a composite nxmiber formed from the product of prpi*. . . .*Pk where k is an 
integer greater than 2, pi, p2, - . . Pk are distinct prime numbers, and] where C is a number 
representative of an encoded form of the plaintext message word signal M such that 

C^M^ (mod n\ and [, wherein said encoding step comprises the step of: 

transforming said message word signal M to said ciphertext word signal C whereby 

C-M' (mod n)] 

where e is a number relatively prime to (pi -l)<p2 -ly^-'CPr^)- 

2. (Amended) The method according to claim 1 , comprising the further step of: 
establishing a number, d. as a multipUcative inverse of 

ermodacmffai -11 (vi -D (vu -ViSS): and 

decoding the ciphertext word signal C to the plaintext message word signal M[, wherein said 
decoding step comprises the step of: transforming said ciphertext word signal C] 
where [by:] 

[M=C^ (mod n)] M=&(mod n) 
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[where d is a multiplicative inverse of e(mod(lcm((pi -1), (pa -1), . . . , (Pk -1))))]* 

3. (Amended) A method [for transferring] of processing a message signal Mi for use in a 
communications system having j terminals, [wherein] each terminal [is] being characterized by 
an encoding key Ei =(ei, nO and decoding key Di =(di, n\), where i=l, 2, ... J, and [wherein] the 
message signal Mi [corresponds] corresponding to a number representative of a message-to-be- 
transmitted from the i*** terminal, the method comprising the steps of: 

computing a- where ni is a composite number of the form 

[ni =Pi,i •pi,2 . . . ,-pi,k] n\^p'ui'Pi 2' 'V]± 

where k is an integer greater than 2, 

P'i,u Pi,2, . . . , pi,k are distinct random prime numbers, 

Ci is relatively prime to [Icm(pij -1, pi,2 -1, Pi,k -1)] Icmfp n -Lpj^-K**- Pjl'V^^ and 

dj is selected from the group consisting of the class of numbers equivalent to a 
multiplicative inverse of 

(mod(lcm((pij -1), (p^ -1), . . . , (pix -!))));[, 

comprising the step of:] 

encoduig a digital message word signal [Ma]Mi for transmission from a first terminal (i=i[A]) to 
a second terminal (i=2[B]), said encoding step including the sub-step of: 

transforming said message word signal [Ma]Mi to one or more message block word signals 
[MA"]Mi'\ ^^^^ block word signal [Ma"]Mi" corresponding to a number representative 
of a portion of said message word signal [MA]Mi range 0< MV^ <n2 -l [0< Ma" 

transforming each of said message block word signals [Ma"]Mi" to a ciphertext word signal [Ca, 
Ca corresponding] G that corresponds to a number representative of an encoded form of 
said message block word signal [Ma"]Mi"[J where[by:] 

[Ca^Ma " (mod ns)] C^M, "^^ (mod w^) . 
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4. (Amended) A cryptographic communications system comprising: 

a communication [medium] channel adapted for transmitting a ciphertext word signal C that 
relates to a transmit message word signal M : 

[an jencoding means coupled to said channel and adapted for transforming [a] tiie transmit 
message word signal M to [a] M ciphertext word signal C using a composite number, n. 
where n is a product of the form 

n= pi'Pi' -Dv 

k is an integer greater than 2. and 

p, . p, pi, are distinct random t?rime numbers [and for transmitting C on said channel], 

where the transmit message word signal M corresponds to a number representative of a 
message and 

0< M < n-1 [where n is a composite number of the form 
n=pvPT -i^k 

where k is an integer greater than 2 and pi, p2, . . • , Pk are distinct prime numbers, and] 

where the ciphertext word signal C corresponds to a number representative of an 
[enciphered] encoded form of said message through a relationship of the formf and corresponds 
to] 

C=_M^ (mod n \ and 

where e is a number relatively prime to lcm(pl -1, p2 -1, . . . , pk -1); and 

[a jdecoding means coupled to said channel and adapted for receiving tiie ciphertext word signal 
C from said channel and for transforming the ciphertext word signal C to a receive 
message word signal M' where M' corresponds to a number representative of a 
[deciphered] decoded form of the ciphertext word signal C [and corresponds to] through 
a relationship of the form 

M=&{modri) 
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where d is selected from the group consisting of [the] a class of numbers equivalent to a 
multiplicative inverse of 

e(mod(lcm({pi -1), ipi -1), . . . , (pk -I))))- 

5. (Amended) A cryptographic conmiunications system having a plurality of terminals coupled 
by a communications channel, [including] comprising: 

a first terminal of the plurality of terminals characterized by an [associated] encoding key 
Ea =(eA, Ha) and a decoding key Da =(dA, ha), 

where[in] nA is a composite number of the form 

nA'='j>A,rPAa *• • • PA^k 
where 

k is an integer greater than 2, 

pA,u Pa,2? . . • . PA,k are distinct random prime nimibers, 

ca is relatively prime to 

\om{pA,i -I PAa -I . . . , pA,k -1), ^ 

dA is selected from the group consisting of the class of numbers equivalent to a 
multiplicative inverse of 

ba (mod(lcm((pA,i -1), (Pa,2 -1), .... ipkx -l))))iand[,] 
[and including ]a second terminal of the plurality of termina ls havingf. comprising:] 

blocking means for transforming a first message^[-to-be-transmitted] which is to be 

transmitted on said conmiunications channel from said second terminal to said 
first terminal^ to one or more transmit message word signals Mb, where each Mb 
corresponds to a number representative of said message in the range 

0<il4<w^-l, 

encoding means coupled to said channel and adapted for transforming each transmit 

message word signal Mb to a ciphertext word signal Cb Aat [and for transmitting 
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Cb on said channel, where Cb] corresponds to a number representative of an 
[enciphered] encoded form of said first message [and corresponds to] through a 
relationship of the form 

[Cb ^Mb'^ (mod n^)] ^ M/' (mod w J , 

[wherein ]said first terminal having [comprises:] 

decoding means coupled to said channel and adapted for receiving said ciphertext word 
signals Cb from said channel and for transforming each of said ciphertext word 
signals Cg to a receive message word signal [Mb]M and 

means for transforming said receive message word signal[s] [M*]M'b to said first 
message, where [M']M'b [is] corresponds to a number representative of a 
[deciphered] decoded form of Cb [and corresponds to] through a rel ationship of 
the form 

[Mb'^b"^ (mod n4)] M'^^C/'(modn^) . 

6. (Amended) The system according to claim 5 wherein said second termmal is characterized by 
an [associated] encoding key \Eb ={^b. nji)]En =(Qn . ng) and a decoding key [DB-(Db, d5)]DB 
=(dn. nn\ where[: 

] nB is a composite number of the form 

where k is an integer greater than 2, 

pg2- pn 9, . . . PRk [Pb,!, Pb,2. * . . PB,k] are distinct random prime numbers, 
cb is relatively prime to 
lcm(p/f,i-l,/?5,2-l. . . . PB.ir^\ and 

dB is selected from the group consisting of [the] a class of nximbers equivalent to a 
multiplicative inverse of 

Cb (mod(lcm((p5,i4), {pB,2 -1), • • - , ipB,k-V))% 

17 

SV/l 07030.02 
10192000/15:19/20206.14 



Attorney Docket No.: 20206-14 (PT-TA-410) 

[wherein ]said first terminal [comprises:] farther having 

blocking means for transforming a second message,[-to-be-transmitted] which is to be 
transmitted on said communications channel from said first terminal to said 
second terminal, to one or more transmit message word signals Ma, where each 
Ma corresponds to a number representative of said message in the range 

[0< Ma'® (mod ns)] 0<M4_<nnA 

encoding means coupled to said channel and adapted for transforming each transmit 

message word signal Ma to a ciphertext word signal Ca and for transmitting Ca 
on said channel, [ 

]where Ca corresponds to a number representative of an encoded[enciphered] 
form of said second message [and corresponds to] through a relationshin of the 
form 

[Ca^M/^ (mod tib)] - M^' {modn^) 

[wherein] said second terminal [comprises;] further having 

decodmg means coupled to said chaxmel and adapted for receiving said ciphertext word 
signals Ca from said channel and for transforming each of said ciphertext word 
signals to a receive message word signal [Ma ]M'a5 and 

means for transforming said receive message word signals [Ma]M'a to said message, [ 

]where [M'] M'a corresponds to a number representative of a [deciphered] 
decoded form of Ca [and corresponds to] through a relationship of the form 

[MJ^C/^ (mod ns)] M\ ^ C/' {mo&n,) . 



7. (Amended) A method [for estabUshing] of processing a message for use in cryptographic 
communications^ comprising the steps of: 

developing a composite number, n. as a product of at least 3 whole number factors greater than 
one, the factors being distinct random prime numbers; and 
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encoding a digital message word signal M to a [cipher text] ciphertext word signal C, where said 
digital message word signal M corresponds to a number representative of a message and 

0<M<n-l, 

[where n is a composite number having at least 3 whole number factors greater than one, the 
factors being distinct prime numbers, and] 

where said ciphertext word signal C corresponds to a number representative of an 
encoded form of sdd message [word M,] through a relationship o f the form 

[wherein said encoding step comprises the step of: 

transforming said message word signal M to said ciphertext word signal C whereby] 
C= Ge M' M'"^ +. . . +ao (mod n) 
where e and ae, ae-u . . * , ao are numbers. 

8. (Amended) [In the] A method according to claim 7 wherein said encoding step further 
includes the step of 

transforming said digital message word signal M to said cinertext word signal C by the 
performance of a first ordered succession of inveritble operations on [the 
further step of:] 

and wherein the method further comprises the step of: 

decoding said cipertext word signal C to said digital message word signal M by the performance 
of a second ordered succession of invertible operations on C, where each of the invertible 
operations of said second ordered succession is the inverse of a corresponding one of said 
first ordered succession, and where[in] the order of said invertible operations in said 
second ordered succession is reversed with respect to the order of corresponding 
invertible operations in said first ordered succession, 

9. (Amended) A communication system for [transferring] processing message signals [MJ, 
comprising: 
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[ ]j terminals including first and second terminals rstationsL each of the j [stations]terminals 
being characterized by an encoding key Ej -(ci, nO and decoding key Di =(di, ni)[ ], where 
i=l,2, . . . j, [and wherein 

Mi^corresponds to a number representative of a message signal to be transmitted from the 
i*^ terminal,] each of the i terminals being adapted to transmit a particu lar one of the 
message signals where an i^^ terminal corresponds to an i^^ message signal Mu and 

0<Mi<ni-l, 

ni [is] being a composite number of the form 
[rii "^piuPa . . Phk] Ri^ijrMji > > p\± 
where 

k is an integer greater than 2, 
Pu. Pa, * . . Pa are distinct random prime numbers, 
Ci is relatively prime to 
\cm{pix^,PiX^, . . .ArlX and 

di is selected from the group consisting of the class of numbers equivalent 

to a multiplicative inverse of 

ei (mod(lcm((pu -1), ipa -1), .... iPuk -1)))); 
saidlal first terminal [one of the j terminals] including 

means for encoding a digital message word signal [Ma] Mi [for transmission] to_be 
transmitted from said first terminal (i=i[A]) to [a]smd second terminal [one of the j terminals] 
(i=2[B]), said encoding means [for] transforming said digital message word signal [Ma]Mi to a 
signed message word signal [Mas] Mic using a relationship of the form [, Mis corresponding to a 
number representative of an encoded form of said message word signal Ma, 

whereby:] 

{Mas ^M/^ rmod ua)] M,^ ^ M/' (modwj . 
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10. (Amended) The communication system of claim 9 further comprising: 

means for transmitting said [signal]sigaed message word signal [Mas] Mis from said first 
terminal to said second terminal, [and wherein] 

said second terminal [includes] including 

means for decoding said signed message word signal [Mas] Mis to said digital message 

word signal [MaJ Mi using a relationship of the form [said second terminal 
including:] 

Ml =Mi/'(modnj) 

[means for transforming said signed message word signal Mas to said message word 
signal Ma, whereby 

Ma ^Mas'^ (mod Ha)]. 

1 1 . (Amended) A communications system for transferring a message signal [MJ, the 
communications system comprising: 

[ ]j communication stations including first and second stations, each of the \ 
communication stations being characterized by an encoding key Ei=(ei, nO and a 
decoding key Di =(di, nO, where i=l, 2,. . . , j, [and wherein Mi corresponds to a number 
representative of a message signal to be transmitted from the i* terminal,] each of the j 
communication stations being adapted to transmit a particular one of the message signals 
where an i^^ communication station corresponds to an i^^ message signal Mu and 

0<Mi<nA 

n/ [is] being a composite number of the form 
where 

k is an integer greater than 2, 

pi,h Pi,2? . . . ?pi,k are distinct random prime numbers, 
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ei is relatively prime to lcm(py -l,pi,2 -1, . . . ,Pu-l)? and 

di is selected from the group consisting of the class of numbers equivalent to a 
multiplicative inverse of 

ei (mod(lcm((pu -1), (pa -1). .... (Pik -1)))). 

[a]said first station [one of the j communication stations] including 

means for encoding a digital message word signal [Ma] Mi [for transmission] to be 

transmitted from said first station [one of the j communication stations] (i= 1 [A]) 
to [a] said second station [one of the j communication stations] (i=2[B]), 

means for transforming said digital message v^ord signal [Ma] Mi to one or more 

message block word signals P^a ] Mil^ each block word signal [Ma'] Mi" being a 
number representative of a portion of said message word signal [Ma ]Mi in the 
range 

0<Mi*'<n7 -l I0< Ma < ne -1], and 

means for transforming each of said message block word signals [Ma"] Mi " to a 

ciphertext word signal C using a relatinshin of the form [Ca , Ca corresponding 
to a number representative of an encoded form of said message block word signal 
Ma", whereby:] 

{Ca ^Ma^' (mod hb)] C, ^ M\'^ (modn,) . 



12. (Amended) The communications system of claim 1 1 further comprising: 

means for transmitting said ciphertext word signals Ci from said first [terminal] station to said 
second [terminal] station , [and] 

wherein said second [terminal] station includes 

means for decoding said ciphertext word signals Ci to said message block word signals 
[MA] Ml " using a relationship of the form [. said second terminal including: 

means for transforming each of said ciphertext word signals Ca to one of said message block 
word signals Ma", whereby 
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means for transforming said message block word signals [Ma"] Mi" to said message 
word signal [Ma]Mi- 

13. (Amended) [In a] A communications system, [including] comprising: 
a first station; and 

[and] a second [communicating] station[s inter]connected to the first station for communications 
therebetween, 

the first communicating station having 

encoding means for transforming a transmit message word signal M to a ciphertext word 
signal C where transmit message word signal M corresponds to a number 
representative of a message and 

0<M<nA 

[where] n [is] being a composite number formed as a product of [having] at least 
3 whole number factors greater than one, the factors being distinct random prime 
numbers, and 

where the ciphertext word signal C corresponds to a number representative of an 
[enciphered] encoded form of said message through a re lationship of the form [and 
corresponds to] 

C= ae M'"^ +. . . +ao (mod n) 

where e and a^, ae_i[-l], . . . , ao are numbers; and 

means for transmitting the ciphertext word signal C to the second [communicating] 
station. 
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New Claims: 



14. A method of processing a message for use in cryptographic communications comprising 
the steps of: 

selecting a public key portion e; 

developing k distinct random prime numbers. j??' - - Pj^- where A: > 3. and checking that each 
of the k distinct random prime numbers minus \. vv-l, piA. , . . vxr-X/i ^ relatively prime 
to the public key portion e\ 

computing a composite number, n. as a product of the k distinct random prime numbers: and 

encoding a plaintext message data M to a ciphertext message data C using a relationship of the 
form (mod n\ where 0<M<n-l . 

15. The method according to claim 14. comprising the ftirther step of: 

establishing a private key portion by a relationship to the public key portion e in the form of 
d^e-\mod{{p, -1)-(A -\y-{Pu -l)))i and 

decoding the ciphertext message data C to the plaintext message data Musing a relationship of 
the form Afe (mod ri). 

16. A method of processing a message for use in cryptographic communications comprising 
the steps of: 

selecting a public key portion g; 

developing k distinct random prime numbers, vu pi. , , . pv . where k>3. and checking that each 
of the k distinct random prime numbers minus L p^-L p?-^ ■ . ^ is rel atively prime 
to the public key portion e: 

establishing a private key portion <i by a relationship to the public key portion e in the form of 
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d^e-' (mod((A - 1) ' " 1) " ■ iPk - 1))) I 
computing a composite number, n, as a product of the k distinct random prime numbers: 
obtaining a ciphertext message data C: and 

decoding the ciphertext message data C to a plaintext message data Musing a rela tionship of the 
formM=C^tood n\ 

1 7. The method according to claim 1 6, comprising the further step of: 

encoding the plaintext message data M to the ciphertext message data C using a relationship of 
the form (mod n\ where 0<M<n-\, 

18. A method of processing a message for use in cryptographic com munications comprising 
the steps of: 

selecting a public key portion g; 

developing k distinct random prime numbers, vu pi. . , . v\r. vv^here A: > 5, and checking that each 

of the k distinct random prime numbers minus 1. vo-l Pj.-L is relatively prime 

to the public key portion e: 

estabUshing a private kev portion <i by a relationship to the public key portion e of the form 

d^e-' (mod((A -l)'iP2-i)'- {Pu " 1))) 1 
computing a composite number, n, as a product of the k distinct random prime numbers; 

encoding a plaintext message data M with the private kev portion d to produce a signed message 
M using a relationship of the form Mc^ (mod n\ where 0<M<n-\ . 

19. The method of claim 1 8 further comprising the step of: 

decoding the signed message Mg_with the public kev portion e to produce the plaintex t message 
data Musing a relationship of the form Afe M/ (mod n), 
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20. A method for increasing the efficiency of a cryptographic process, comprising the steps 
o£ 

selecting a public key portion e: 

developing k distinct random prime numbers, vu py Vv. where > 3, and che cking that each 

of the k distinct random prime numbers minus vv-l. is r elatively prime 

to the public key portion e\ 

computing a composite number, n, as a product of the k distinct random prime numbers: and 

encoding a plaintext message data M to a ciphertext message data C using a relationship of the 
form C= fmod n\ where 0<M<nA. 

whereby a computational speed of the cryptographic process is increased. 

21 ■ The method according to claim 20. comprising the further step of: 
establishing a private key portion ^ by a relationship to the public key portion e in the form of 
d^e-' (mod((pi ~\)'{P2-\)-' {Pu - m land 

decoding the ciphertext message data C to the plaintext message data Musing a relationship of 
the form Afe C ^ (mod n), 

22. A method for increasing the efficiency of a cryptographic process, com prising the steps 
of: 

selecting a public key portion e\ 

developing k distinct random prime numbers, vu pi % where A: > i, and checking that each 

of the k distinct random prime numbers minus \.v \ A.pi-\....pv-\/i% relatively prime 
to the public key portion ei 

establishing a private key portion t/ by a relationship to the public key portion e in the form of 
d^e-' (mod((A - 1) • (i?2 - 1) • • • {Pk - m k 
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computing a composite number, n. as a product of the k distinct random prime numbers; 
obtainin g a ciphertext message data C: and 

decoding the cinbertext message data C to a niaintext mes sage data Musing a relationship of the 

form M=C/ (mod n\ 
whereby a computational speed of the cryptograph ic process is increased. 

23. The method according to claim 22. compri sing the further step of: 

encoding the plaintext message data M to th e ciphertext message data C, using a relationship of 
the form Cs (mod n\ where 0<M<n-\. 

24. The method according to claim 20. wherein p and a are a pair of prime numbers the 
product of which equals n. and wherein the k distin ct random prime numbers are each smaller 
than D and a. whereby for a given length of n it takes fewer computational cycles to find and 
check the K distinct random prime numbers that it t akes to find and check the pair of prime 
numbers p and q. 

25. The method according to claim 22. wherein p and a are a pair of prime numbers the 
product of which equals n. and wherein the k distinc t random prime numbers are each smaller 
than p and q- whereby for a given length of n it tak es fewer computational cycles to find and 
check the K distinct random prime numbers that it takes to find and check the pair of prime 
numbers p and q. 

26. The method according to claim 24. wherein the develo ping and computing steps can be 
performed for n that is more than 600 digits long fa ster than heretofore possible with only the 
pair of prime numbers p and q. 
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27. The method according to claim 25. wherein the develop ing, computing and encoding 
steps can be performed for n that is more than 600 digit s long faster than heretofore possible with 
only the pair of prime numbers p and q. 

28. The method according to claim 14. wherein p and a a re a pair of prime numbers the 
product of which equals n. and wherein the k distinct random pr ime numbers are each smaller 
than p and q. whereby for a given length of n it takes fewer com putational cycles to find and 
check the K distinct random prime numbers that it takes to find and check the pair of prime 
numbers p and q. 

29. The method according to claim 28. wherein the developin g and computing steps can be 
performed for n that is more than 600 digits long fas ter than heretofore possible with only the 
pair of prime numbers p and q. 

30. The method according to claim 16. wherein p and q a re a pair of prime numbers the 
product of which equals n. and wherein the k distin ct random prime numbers are each smaller 
than p and q- whereby for a given length of n it takes fewer co mputational cycles to find and 
check the K distinct random prime numbers that it t akes to find and check the pair of prune 
numbers p and q. 

31. The method according to claim 30. wherein the deve loping and computing steps can be 
performed for n that is more than 600 digits long f aster than heretofore possible with only the 
pair of prime numbers p and q. 

32. The method according to claim 18. wherein p and q are a pair of prime numbers the 
product of which equals n. and wherein the k distinct random p rime numbers are each smaller 
than p and g. whereby for a given length of n it takes fewer computational cycles to find and 
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check the K distinct random prime numbers that it takes to find and check the pa ir of prime 
numbers p and q. 

33. The method according to claim 32. wherein the developing and computing steps can be 
performed for n that is more than 600 digits lone faster than heretofore pos sible with only the 
pair of prime numbers p and q. 

34. The method according to claim 14. wherein a message proces sed in accordance with the 
method is compatible with two-prime RSA public kev cryptography. 

35. The method according to claim 14. wherein a message processe d in accordance with the 
method is compatible with two-prime RSA public kev cryptography. 

36. The method according to claim 16. wherein a message proces sed in accordance with the 
method is compatible with two-prime RSA public kev cryptography. 

37. The method according to claim 18. wherein a message processed in acco rdance with the 
method is compatible with two-prime RSA publ ic kev cryptography. 

38. The method according to claim 20. wherein message data processed in acc ordance with 
the method is compatible vnth two-prime RSA public kev cryptography. 

39. The method according to claim 22. wherein message data processed m acc ordance with 
the method is compatible with two-prune RSA pubUc kev cryptography. 

40. A cryptography method for local storage of data bv a private kev owner, comprising the 
steps of: 

29 

SV/108387.01 
10192000/16:23/20206.14 



Attorney Docket No.: 20206-14 (PT-TA-410) 



selecting a public key portion e: 

developing k distinct random prime numbers, vu pi pv. where ^ > 3 . and checking that each 

of the k distinct random prime numbers minus L Vi'\. pr-l Vk-l. is relatively prime 

to the public key portion e: 

establishing a private kev portion J bv a relationship to the public key po rtion e in the form of 

d^e"' jmodiip, - 1) ■ - 1) " ' (Pk - O)) I 

computing a composite number, n, as a product of the k distinct random prime numbers that are 
factors of n. where only the private key owner knows the fac tors of n: 

encoding plaintext data Mto ciphertext data C for the local storage, us ing a relationship of the 
form C= (mod n\ where 0<M<nA, 

4 1 . The cryptography method in accordance with claim 40, further comprising the step of: 
decoding the ciphertext data C from the local storage to the plaintext dat a Musing a relationship 

of the form M= (mod n\ 

42. A cryptographic communications system, comprising: 
a plurality of stations; 

a commimications medium: and 

a host system adapted to conduct encrypted communications with the plurality of stations via the 
communications medium, the host system including 

at least one crvptosvstem responsive to encryption and/or decryption requests from the 
host system, the cryptosystem being configured for 

developing k distinct random prime numbers, v u , pi pi.- where k>3^ 

checking that each of the k distinct random prime numbers minus l.V v-X.pijl 

j9i.-L is relatively prime to a public key portion e that is associated with the 
host system. 
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computing a composite number, n. as a product of the k distinct random prime 
numbers, 

encoding a plaintext message data M producing the refrom a ciphertext message 
data C to be communicated via the host system, t he encoding using a 
relationship of the form C= (mod ri). where 0<M:^-l. 

establishin g a private kev portion dhwa. relationship to the p ublic kev portion e 
in the form ofd = e-'(mod(07i -1)-(P2 -^)"<Pk -l)))l 2ad 

decoding a ciphertext message data C commun icated via the host producing 
therefrom a plaintext message data M using a r elationship of the form 
M=C'^ (mod n\ where C and A/ can be r espectively C and M. 

43 ■ A system for processing a message used in cryptograp hic communications, comprising: 
a bus: and 

a crvptosvstem ooerativelv coupled to and receiving from the bus encryption and decryption 
requests, the crvptosvstem being capable of 

providing a public kev portion e. 

developing k distinct random prime numbers, m.vi Pv, wher e k>3, 

checking that each of the k distinct random prime numbe rs minus 1. f?i-l. P7-I P\cL 

is relatively prime to the public kev portion e, 
com puting a composite number, n. as a product of the k d istinct random prime numbers, 
encoding a plaintext form of a first message M to produce a ciphertext form of the first 

message C using a relationship of the form C= ( mod n\ where Q<M <h-l, 

establishing a private kev portion d hv a relationsh ip to the public kev portion e in the 
form of d = e-\mod{(p^ -1) • -1) ' ' ' (Pk -1)))^ 
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decoding the ciphertext form of a second message C to produce the plaintext form of the 
second message M* using a relationship of the form M= C'^ (mod n\ the first and 
second messages can be one and the same. 

44. The system of claim 42. wherein the at least one crvptosvstem includes 

a plurality of exponentiators configured to operate in parallel in developing respective 
subtask values corresponding to the message. 

45. The system of claim 42, wherein the at least one crvptosvstem includes 
a processor. 

a data-address bus, 

a memory operativelv coupled to the processor via the data-address bus. 

a data encryption standard (PES) unit operativelv coupled the memory and the processor 
via the data-address bus. 

a plurality of exponentiator elements operativelv coupled to the processor via the PES 
unit, the plurality of exponentiator elements being configured to operate in 
parallel in developing respective subtask values corresponding to the message. 

46. The system of claim 45. wherein the memory and each of the plurality of exponentiator 
elements has its own PES unit that encrypts message data received/returned from/to the 
processor. 

47. The system of claim 45. wherein the memory is partitioned into address spaces 
addressable by the processor including secure, insecure and exponentiator elements address 
spaces, and wherein the PES unit that is coupled to the processor is configured to recognize the 
secure and exponentiator elements address spaces and to automatically encrypt message data 
therefi*om before it is provided to the exponentiator elements, the PES unit being bypassed when 
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the processor is accessing the insecure memory address spaces, the PES unit being further 
configured to decrypt encrypted message data received from the memory before it is provided to 
the processor 

48. The system of claim 45. wherein the at least one crvptosystem meets FIPS (Federal 
Information Processing Standard) 140-1 level 3, 

49. The system of claim 45. w^herein the processor maintains in the memory the public key 
portion e and the composite number n vnth its factors pu Pi pv . 

50. A system for processing a message used in cryptographic communications, comprising: 
a bus: and 

a crvptosystem receiving from the system via the bus encryption and decryption requests, the 
crvptosystem including 

a plurality of exponentiator elements configured to develop subtask values. 

a memory, and 

a processor configured for 

receiving the encryption and decryption requests, each encryption request 
providing a plaintext message Mto be encrypted, each encryption request 
can additionally provide a public key that includes an exponent e and a 
representation of a modulus n in the form of its k distinct random prime 
number factors pu pj. . . . pv. v^here A: > 3. or the processor can obtain the 
public key from the memory. 

constructing subtasks to be executed by the exponentiator elements for producing 
respective ones of the subtask values. G. C?. . . . Cir. and 

forming a ciphertext message C from the subtask values Cu C?. . . . Ck . 
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51. The system of claim 50 wherein each one of the subtasks C u Co. . . . Cic is developed 
using a relationship of the form = M/' (mod ) > where M,. ^M(mod;?,.)^ _and 

= e(mod Pf - 1) , wherei=L2. ... k. 



52. A system for processing a message used in cryptographic commun ications^ comprising: 
a bus: and 

a cryptosystem receiving from the system via the bus encryption and decryption requests, the 
crvptosvstem including 

a plurality of exponentiator elements configured to develop sub task values. 

a memory, and 

a processor configured for 

receiving the encryption and decryption requests, eac h encryption/decryption 

request providing a plaintext/ciphertext messa ge M/C to — be 

encrypted/decrypted and can additionally provide a public/p rivate key that 
includes an exponent e/d and a representation of a mod ulus n in the form 

of its k distinct random prime number factors p u pi g>u where A: > 5, or 

the processor can obtain the public/private kev from the memory. 

constructing subtasks to be executed bv the exponentiato r elements for producing 
respective ones of the subtask values. Mu Mi MUC u Ck and 

forming the cinhertext/plaintext message C/M from the sub task values Cu C?, . 

53. The system of claim 52 wherein when produced each one of the subtasks Cu G. . . . CiJs 
developed using a relationship of the form C,. = M"' (mod p^ ) , where C, = C(mod;?,)^ ^ 

e. = e(mod p^ - 1) .where i=L2. ... k. 
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54. The system of claim 52 wherein when produced each one of th e subtasks Mu M? Mk 

is developed using a relationship of the form M.. = Cf' (mod;?,),_w^ ^M,. =M(modj?,)^ aid 

d, = J(mod Pi - 1) iwherei=1.2. ... k. 

55. The system of claim 54. wherein the private kev expo nent d relates to the public key 
exponent e via d = e"' ( mod(( j?, - 1) • (j?2 ~ 1) ' ' ' (Pk ~ 1))) ^ 

56. A system for processing a message used in cryptograph ic communications, comprising: 
means for selecting a p ublic key portion e: 

means for developing k distinct random prime numbers. P u r y>. . . . Pk, wher e A: > 3, and for 

checking that each of the k distinct random prime nu mbers minus 1. Pi-1. PicL 

is relatively prime to the public kev portion e: 

means for estabhshing a private kev portion ^ bv a r elationship to the public kev portion e in the 
form of d = g'^ (m od((;?i - 1) • (j72 - 0 ' ' ' iPk - W) k 

means for computing a composite number. «. as a product of the k distinct random prime 
numbers; 

means for obtaining a ciphertext message dat a C: and 

means for decoding the cinhertext message data C to a plain text message data M using a 
relationship of the form M= (mod nX 

57. The system according to claim 56. finther comprising: 

means for encoding the plaintext message data M to the cip hertext message data C, using a 
relationship of the form C= Cmod n\ where 0<M<n-\. 

58. A system for processing a message used in cryptographic com munications, comprising: 
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means for selecting a public key portion e; 

means for developing k distinct random prime numbers, d u Pi- . ■ . % where A: > 5, and for 
checking that each of the k distinct random prime numbers minus \,Di-\,pi-\. . . . dv-\^ 
is relatively prime to the public kev portion e: 

means for establishing a private key portion J bv a relationshi p to the public key portion e of tiie 
form d = e-' ( mod(( - 1) • (^2 - 0 ' ' ' iPk - 1))) I 

means for computing a composite number, n. as a product of the k distinct random prime 
numbers: 

means for encoding a plaintext message data M wife the pri vate key portion d to produce a 
si gned message using a relationship of the form M.^ (mod n \ where 0<M^-\. 

59. The system of claim 58 further comprising the step of: 

means for decoding the sipned message M with the private key po rtion e to produce the plaintext 
message data Musing a relationship of the form il^ M/ Cmod n\ 

60. The system of claim 57. wherein the system can conduct encrypt ed communications with 
other public kev cryptography system that encrvpt/decrvpt data using a modulus value equal to n 
independent of the k distinct prime numbers. 

61 . The system of claim 59. wherein the system can conduct encryp ted communications with 
other public kev cryptography systems that encrvpt/decrvpt data using a m odulus value equal to 
n independent of the k distinct prime numbers. 
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REMARKS 

This Preliminary Amendment is filed concurrently with a Reissue Application for U.S. 
Patent No. 5,848,159 (hereafter the "original patent"). 

Status of the Claims ; 

As of the date of this Preliminary Amendment, claims 1-13 of the original patent are 
amended and remain pending; claims 14-61 have been added. Thus, claims 1-61 are now 
pending in the Reissue Application. 

Statement of Support in the Disclosure of the Original Pa tent for the Amendments; 

The Specification : 

The specification of the original patent has been amended to correct typographical errors 
and other matters of form and to render the specification consistent throughout and with the 
claims. Support for the amendments to the specification may be found throughout the original 
patent. No new matter has been introduced by the amendments to the specification. 

In general, changes embodying corrections of typographical errors and other matters of 
form are self explanatory and need no fiirther explanation. As to the matiiematical expressions, 
equations expressing any congruence of the form b=c(mod m) or the like, where b is congruent 
to c and m is the modulus, are mathematically written in proper form as 6= c(mod m) . 
Accordingly all the equations are written in proper form, e.g., CsM*(mod «). Were appUcable, 
the parentheses (e.g., around "mod n") are properly added as well. 

Support for amendments to the paragraph beginnmg at column (hereafter "col."), line 4 
may be found in col. 1 of the cover page. Support for the amendments to the paragraph 
beginning at col. 3, line 23 and the paragraph beginning at col. 3, line 27 may be found for 
example at col. 2 of the cover p^e and col. 13, lines 44-47. 

37 

SV/108507.01 
10192000/16:35«0206.14 



Attorney Docket No.: 20206-14 (PT-TA-410) 

Support for amendments to the paragraph beginning at col. 3, line 36, may be found at 
column 5, lines 31-33. Support for amendments to the paragraph begmning at col. 3, line 56, 
may be found for example at col. 3, lines 20-26, col. 3, lines 44-55 and col. 4, lines 9-11. Support 
for amendments to the paragraph beginning at col. 4, Ime 6, may be found for example at col. 
3,lines 20-26, col. 4, lines 6-12, 32-34 and 52-56. 

Support for amendments to the paragraph beginning at col. 4, line 13 and the paragraph 
beginning at col. 4, line 50, may be found for example at col. 3 line 42, col. 4, line 41, and col. 
10, lines 54-56. Further support for amendments to the paragraph beginning at col. 4, Ime 50 
may be found at col. 4, lines 50-52. 

Support for paragraph inserted before the paragraph beginning at col. 5, line 52, may be 
found for example at col. 14, lines 30-36 and 45-49. Support for amendments to the paragraph 
beginning at col. 5, line 30, may be found for example at col. 2, Unes 5-10, col. 3, line 42, col. 4 
line 41, col. 5, line 39, col. 10, line 65 and col. 11, lines 8-9. Further support for amendments to 
the paragraph beginning at col. 5, line 30, may be found in the multitude of mathematical 
expressions where d, the private key portion, is the "exponent," e.g., Ms C ''(mode n) at col. 6, 
lines 1-5. 

Support for amendments to the paragraph beginnuig at col. 6, line 24, may be found for 
example at col. 5, Imes 31-33, col. 6, line 37 C^Yk.."), col. 7, Ime 15, and col. 1 1, lines 15- 
20. Support for amendments to the paragraph beginnmg at col. 6, line 65, may be found for 
example at col. 6, lines 1-4, 26-35, 40-53 and 67. Support for amendments to the paragraph 
begmnmg at col. 7, line 1, may be found for example at col. 2, lines 32-34 and 40, col. 3, lines 
22-26, col. 4, lines 32-34, col. 6 line 38 and col. 7, lines 56-58. 

Support for amendments to the paragraph beginnmg at col. 8, line 1, is fund in col. 8 line 
3 (i.e., FIPS 140-1 with level 3 is a well known standard. See: 

http://csrc.nist.gov/fips/fipsl401.htm). Support for amendments to the paragraph begmning at 
col. 10, Une 15, may be found for example at Figure 3. Support for amendments to the paragraph 
begmning at col. 10, line 35, may be found for example ui col. 10 line 40 and Une 53 (i.e., M is 
represented by a numerical value greater than 0 and smaller than n). 
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The Claims : 

Claims 1-13 of the original patent have been amended to correct typographical errors and 
other matters of form, as well as to recite more clearly and particularly the subject matter which 
Applicants regard as their invention. New claims 14-61 have been added to further point out and 
distinctly claim subject matter which AppUcants regard as their invention. Support for the 
amendments to claims 1-13 and for the newly added claims, 14-61, may be found throughout the 
original patent. No new matter has been introduced by the amendments to the claims. 

In general, claim amendments embodying corrections of typographical errors, antecedent 
basis errors, and other matters of form are self explanatory and need no further explanation. As 
to the mathematical expressions, equations expressing any congruence of the form Z)=c(mod m) 
or the like, where b is congruent to c and m is tiie modulus, are mathematically written in proper 
I form as b= cfmod m). Accordingly all the equations are written in proper form, e.g., C= M^(mod 
} n). Were applicable, parentheses (e.g., around "mod k") are properly added as well. 

I Support for amendments to claim 1 as now presented may be found, for example, at 

claim 1 as presented in the original patent, as well as col.l, lines 32-42, col. 3, lines 39-44, col. 5, 
? lines 30-33, col. 7, lines 25-28 and col. 8, lines 8-11. Support for amendments to claim 2 as now 
k presented may be found, for example, at clauns 1 and 2 as presented in the original patent, as 
j well as col. 2, lines 24-30, col. 5, lines 36-40 and col. 14, lines 19-24. Shnilariy, support for 
i amendments to claims 3-13 as now presented may be found, for example, at claims 1-13 as 
! presented in the original patent. Further support for the amendments to claims 3- 1 3 as now 
presented may be found for example at col.l, Imes 32-42, col. 2, lines 24-30, col. 3, lines 39-44, 
col. 5, lines 30-40, col. 7, lines 25-28, col. 8, lines 8-11, and col. 14, lines 19-24. Further support 
for amendments to claim 12 as now presented may be found for example at coL9, lines 48-50. 

As to the newly added claims, support for claim 14-23, 40-43, and 50-58 may be found, 
for example, at col. 1, lines 32-42, col.3, Imes 35-44, col. 4, Unes 37-49, col. 5, lines 30-33 and 
36-51, col. 7, lines 25-28, col. 8, lines 8-11, col. 14, lines 30-36. Further support for new claims 
14-23, 40-43, and 50-58 may be found at claims 1-13 as presented in the original patent. For 
example, support for new claims 18 and 19 may be found in claim 9, i.e., col. 14, lines 30-36. 
Further support for new claims 20 and 22 may be found at col. 3, lines 30-36 and 53-55, and col. 
7, lines 25-28. Support for new claims 24-33 may be found for example at column 3, lines 36-65. 
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Support for new claims 34-39 may be found for example at col. 4, lines 8-12 and col. 5, lines 61- 
63. Further support for new claims 40 and 41 may be found at col. 5, lines 58-61. Further support 
for new claims 42, 43, 50-52, and support for new claims 44-49 may be found at Figures 1-3, and 
the accompanying description at col. 7, line 34 to col. 10, Hnes 34. Further support for new 
claims 50-54 may be found at col. 5, line 52 to col. 6, line 6. Finally, support for claims 60 and 
61 may be found at col. 4, lines 6-13 and col. 5, lines 61-63. 

Summary : 

Entry of the foregoing amendments to the specification and claims is hereby respectfully 
requested. Claims 1-61 are now presented for examination in the Reissue Application which is 
believed to be in condition for allowance. Prompt examination and allowance of the pending 
claims is therefore respectfully requested. 

Concurrent Office Proceedings; and Petition for Waiver of Delay; 

It is noted that Reexamination Requests respecting the original patent have been filed 
with the U.S. Patent and Trademark Office on May 18, 2000 (Order Granting Reexamination 
mailed July 19, 2000; Control No. 90/005,733) and on July 28, 2000, respectively. In view of the 
concurrent office proceedings. Reexamination and Reissue Application, it is hereby requested 
that the Reexamination proceeding be staved until the Reissue Application proceeding is 
concluded, or, in the alternative, that the Reexamination proceeding be merged with the Reissue 
Application proceeding (37 C.F.R. 1.565(d)). 

In view of the concurrent office proceedings, a Petition under 37 C.F.R. 1 .183 to wdve 
the 2-months delay for protest is attached herewith. Examination of the Reissue Application 
should commence without delay and before the Reexamination proceeds. 
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Fee Authorization ; 

If for any reason an insufficient fee has been paid, the Commissioner is hereby authorized 
to charge any deficiency in payment of required fees associated with this communication to 
Deposit Account 02-3964, 



Date: October 19, 2000 
Oppenheimer Wolff & Donnelly LLP 




3373 Hillview Avenue By: Leah Sherry, 

Palo Alto, CA 94304 Attorney for Applicant 

Tel: (650) 320-4000 Reg. No. 43,918 



CERTIFICATE OF MAILING (37 CFR LlO(a)) 

CERTIFICATE OF MAILING BY "EXPRESS MAIL" - Rule 10: I hereby certify that this correspondence is being deposited 
on October 5, 2000 with the U.S. Postal Service "Express Mail Post Office to Addressee" under 37 CFR LIO as Express Mail 
No. EL655031318US addressed to: Box Reissue Patent Application, Assistant Commissioner for Patents, Washington, D.C. 
20231 

Date: October 19, 2000 
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PUBLIC KEY CRYPTOGRAPHIC 
APPARATUS AND METHOD 

This application claims the benefit of U.S. Provisional 
AppUcation No. 60/033,271 for PUBLIC KEY CRYTO- 5 
GRAPHIC APPARATUS AND METHOD, filed Dec. 9. 
1996. naming as inventors, Thomas CoOns, Dale Hopidns. 
Susan Langford and Michale Sabin. the discolsiure of which 
is incorporated by reference. 

10 

BACKGROLTND OF THE INVENTION 

This invention relates generally to communicating data in 
a secure fashion, and more particularly to a cryptographic 
system and methods using public key cryptography, ^5 

Computer systems are found today in virtuaUy every walk 
of life for storing, maintaining, and transferring various 
types of data. The integrity of large portions of this data, 
especially that portion relating to financial transactions, is 
vital to the health and survival of numerous commercial 20 
enterprises. Indeed, as open and unsecured data communi- 
cations channels for sales transactions gain popularity, such 
as credit card transactions over the Internet, individual 
consumers have an increasing stake in data securit}'. 

25 

Thus, for obvious reasons, it is imponant that financial 
transaction communications pass from a sender to an 
intended receiver without intermediate parties being able to 
inteipret the transferred message. 

Cryptography, espedaliy public key cryptography, has 30 
proven to be an effective and convenient technique of 
enhancing data privacy and authentication- Data to be 
secured, called plaintext, is transformed into encrypted data, 
or ciphcrtext, by a predetenmned encryption process of one 
type or another. The reverse process, transforming ciphertext 35 
into plaintext, is termed decryption. Of particular impor- 
tance to this invention is that the processes of encryption and 
decryption are controlled by a pair of related cryptographic 
keys. A "public" key is used for the encryption process, and 
a "private" key is used to decrypt ciphertext. The public key 4^ 
transforms plaintext to ciphertext. but cannot be used to 
decrypt the ciphertext to retrieve the plaintext therefrom 

As an example, suppose a Sender A wishes to send 
message M to a recipient B. The idea is to use public key E 
and related private key D for encryption and decryption of 
M. The public key E is public information while D is kept 
secret by the intended receiver. Further, and importantly, 
although E is determined by D. it is extremely difficult to 
compute D from E. Thus the receiver, by publishing the 
public key E. but keeping the private key D secret, can 
assure senders of data encrypted using E that anyone who 
intercepts the data \^ ill not be able to decipher it. Examples 
of the public key/private key concept can be found in U.S. 
Pat. Nos. 4J0a770. 4,218.582. and 4.424.414. 

The prior art includes a number of public key schemes, in 
additiOQ to those described m the above-identified patents. 
Over the past decade, however, one system of public key 
cryptography has gained popuiarir\'. Known generally as the 
"RS A" scheme, it is now thought bv manv to be a worldwide ,^ 
de facto standard for public key cryptography. The RSA 
scheme is described in U.S. Pat. No. 4.405.829 which is 
fully incoqx)rated herein by this reference. 

The RSA scheme capitalizes on the relative ease of 
creating a composite number from the product of two prime 65 
numbers whereas the attempt to factor the composite num- 
ber into its constituent primes is difBcuk. The RSA scheme 
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uses a public key E coraprising a pair of positive integers n 
and e. where n is a composite number of the form 

where p and q are different prime numbers, and e is a number 
relatively prime to (p-lj and (q-1); that is. e is relatively 
prime to (p-I) or (q-1) if e has no factors in common with 
either of theirt Importantly, the sender has access to n and 
e, but not to p and q. The message M is a number repre- 
sentative of a message to be transmitted wherein 

O^M<rt-l. (2) 



The sender enciphers M to aeate ciphertext C by computing 
15 the exponential 

C=/V/*(iix>d n). (3) 

The recipient of the ciphertext C retrieves the message M 
20 using a (private) decoding key D. comprising a pair of 
positive integers d and n. employing the relation 

/W=C^(mod n) (4) 

^ As used in (4). above, d is a multiplicative inverse of 

e(modacm((f^n, (q~l)))) (5) 



so that 



3Q e-<f=l(mod(lcm((^U (^1)))) (6) 

where lcra((p-l). (q-1)) is the least common multiple of 
numbers p-1 and q-1. Most commercial implementations of 
RSA employ a different, although equivalent, relationship 
for obtaining d: 

This alternate relationship sin^Mes computer processing. 
Note: Mathematically (6) defines a set of numbers and (7) 
4C defines a subset of that set For in^lementation. (7) or (6) 

usually is interpreted to mean d is the smallest positive 

element in the set,) 
The net effect is that the plaintext message M is encoded 

knowing only the public key E (i.e-. e and n). The resultant 
45 ciphertext C can only decoded using decoding key D. The 

composite number n. which is part of the public key E. is 

computationally difBcult to factor into its components. 

prime numbers p and q. a knowledge of which is required to 

decrypt C, 

50 From the time a security scheme, such as RSA. becomes 
publicly known and used, it is subjected to unielenting 
attempts to break it. One defense is to increase the length 
(i.e.. size) of both p and q. Not long ago it was commonly 
recommended that p and q should be large prime numbers 75 

55 digits long (i.e.. on the order of 10^^). Today, it is not 
uncommon to find RSA schemes being proposed wherein 
the prime numbers p and q are on the order of 150 digits 
long. This makes the product of p and q a 300 digit number. 
(There are even a handful of schemes that employ prime 

60 numbers (p and q) that are larger, for example 300 digits 
long to form a 600 digit product) Numbers of this size, 
however, tend to require enormous computer resources to 
perform the encryption and decryption operations. Consider 
that while computer instruction cycles are typically mea- 

65 sured in nanoseconds (billionths of seconds), computer 
computations of RSA steps are typically measured in mil- 
liseconds {thousandths of seconds). Thus millions of com- 
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puter cycles are required to compute individual RSA steps 
resulting in noticeable delays to users. 

This problem is exacerbated if the volume of ciphertext 
messages requiring decryption is large — sudi as can be 
expected by commercial transactions employing a mass 5 
communication medium such as the Internet A financial 
institution may maintain an Internet site that could conceiv- 
ably receive thousands of enciphered messages ever>* hour 
that must be decrypted, and perhaps even responded to, 
Using larger numbers to form the keys used for an RSA ig 
scheme can impose severe limitations and restraints upon 
the institution's ability to timely respond. 

Many prior an techniques, while enabling the RSA 
scheme to utilize computers more efSciently, nonetheless 
have failed to keep pace with the increasing length of n, p. 15 
and q. 

Accordingly, it is an object of this invention to pro\'ide a . 
system and method for rapid encryption and decryption of ! 
data without compromising data security. l 

It is another object of this invention to provide a system 20 ' 
and method that increases the computational speed of RSA 
encryption and decryption techniques. 

It is still another object of this invention to provide a 
system and method for unplementing an RSA scheme in 
which the components of n do not increase in length as n 25 
increases in length. 

It is still another object to provide a system and method 
for utilizing multiple (more than two), distinct prime number 
components to create n. 

It is a further object to provide a system and method for 3C 
providing a technique for reducing the computational effort 
for calcidating exponentiations in an RSA scheme for a 
given length of n. 

SUMMARY OF THE INVENTION 

35 

The present invention discloses a method and apparatus 
for increasing the computational speed of RSA and related 
public key schemes by focusing on a neglected area of 
computation inefficiency. Instead of n=p-q, as is universal in 
the prior art. the present invention discloses a method and 40 
apparatus wherein n is developed from three or more distinct 
prime numbers: i.e.. n=pi-p2-. . . -pj^- where k is an integer 

greater than 2 and p j . p;. are sufficiently large distinct 

primes. Preferably, "sufficiently large primes" are prime 
numbers that are numbers approximately 150 digits long or 45 
larger. The advantages of the invention over the prior art 
should be immediately apparent to those skilled in this art. 
If. as in the prior art. p and q are each on the order of. say. 
150 digits long, then n will be on the order of 300 digits long. 
However, three primes p,. p^. and p-, employed in accor- 5c 
dance with the present invention can each be on the order of 
100 digits long and still result in n being 300 digits long. 
Finding and verifying 3 distinct primes, each 100 digits 
long, requires significantly fewer computational cycles than 
finding and verifying 2 primes each 150 digits long. 55 

The commercial need for longer and longer primes shows 
no evidence of slowing: already there are projected require- 
ments for n of about 600 digits long to forestall incremental 
improvements in factoring techniques and the ever faster 
computers available to break ciphenext. The invention, 60 
allowing 4 primes each about 150 digits long to obtain a 600 
digit n. instead of t\^--o primes about 350 digits long, results 
in a marked improvement in computer performance. For. not 
only are primes that are 150 digits in size easier to find and 
verify than ones on the order of 350 digits, but by applying 65 
techniques the inventors derive from the Chinese Remainder 
Theorem (CRT;, public key cryptography calculations for 
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encryption and decryption are completed much faster — even 
if performed serially on a single processor system. However, 
the inventors' techniques are particularly adapted to be 
advantageously apply enable public key operations to par- 
5 allel computer processing. 

The present invention is capable of using the RSA scheme 
to perform encryption and decryption operation using a large 
(many digit) n much faster than heretofore possible. Other 
advantages of the invention include its employment for 
decryption without the need to revise the RSA public 
encryption transformation scheme currently in use on thou- 
sands of large and small computers, 

A key assumption of the present invention is that n, 
composed of 3 or more sufficiently large distinct prime 
numbers, is no easier (or not very much easier) to factor than 
the prior art. two prime number n. The assumption is based 
on the observation that there is no indication in the prior art 
literature that it is "easy" to factor a product consisting of 
more than two sufficiently large, distinct prime numbers. 
This assumption may be justified given the continued effort 
(and failure) among experts to find a way "easily" to break 
large component numbers into their large prime factors. This 
assumption is similar, in the inventors* view, to the assump- 
tion underlying the entire field of public key oy^ptography 
that factoring composite numbers made up of two distinct 
primes is not "easy." That is. the entire field of public key 
cryptography is based not on mathematical proof, but on the 
assumption that the empirical evidence of failed sustained 
efforts to find a way systematically to solve NP problems in 
^ polynomial time indicates that these problems truly are 
"difficult." 

The invention is preferably implemented in a system that 
employs parallel operations to perform the encryption, 

3^ decryption operations required by the RSA scheme. Thus, 
there is also disclosed a cryptosystem that includes a central 
processor unit (CPU) coupled to a number of exponentiator 
elements. The exponentiator elements are special purpose 
arithmetic units designed and structured to be provided 

^ message data M, an encryption key e. and a number n (where 
°=Pi*P2* • • . Pjt- k being greater than 2) and return ciphenext 
C according to the relationship, 

C=Ar(mod(n)) 

45 Alternatively, the exponentiator elements may be pro- 
vided the ciphertext C, a decryption (private) key d and n to 
return M according to the relationship, 

M=C^(inod(n)} 

5C According to this aspect of the invention, the CPU 
receives a task, such as the requirement to decrypt cypher- 
text data C. The CPU will also be provided, or have 
available, a public key e and n, and the factors of n (p^, p^, 
. . . p^). The CPU breaks the encryption task down into a 

55 number of sub-tasks, and delivers the sub-tasks to the 
exponentiator elements. When the results of the sub-tasks 
are returned by the exponentiator elements to the CPU 
which will, using a form of the CRT. combine the results to 
obtain the message data M. An enoyption task may be 

60 performed essentially in the same manner by the CPU and 
its use of the exponentiator elements. However, usually the 
factors of n are not available to the sender (encryptor), only 
the public key. e and n, so that no sub-tasks are created. 
In a preferred embodiment of this laner aspect of the 

65 invention, the bus structure used to couple the CPU and 
exponentiator elements to one another is made secure by 
encrypting ail important information communicated 
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thereon. Thus, data sent to the exponendator elements is 
passed through a data encryption unit that employs, 
preferably, the ANSI Data Encryption Standard (DES). The 
exponentiator elements decrypt the DES-encrypted sub-task 
information they receive, perform the desired task, and 5 
encrypt the result, again using DES. for return to the CPU. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a simplified block diagram of a cryptosystem 20 
architecture configured for use in the present invention. 

FIG. 2 is a memory map of the address space of the 
cryptosystem of HG. 1; and 

FIG. 3 is an exemplary illustration of one use of the 
invention. 



DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

As indicated above, the present invention is employed in 
the context of the RSA public key encryption/decryption 
scheme. As also indicated, the RSA scheme obtains its 
security firora the difficulty of factoring large numbers, and 
the fact that the public and private keys are ftinctions of a 
pair of large ( 10CK200 di^ts or even larger) prime numbers. 
Recovering the plaintext from the public key and the cipher- 
text is conjectured to be equivalent to factoring the product 
of two primes. 

According to the present invention, the public key portion 3Q 
e is picked. Then* three or more random large, distinct prime 
numbers, Pr p2' - - * Pa a^re developed and checked to ensure 
that each is relatively prime to e. Preferably, the prime 

numbers are of equal length. Then, the product n^p^. p2 

Pi, is computed. 35 

Finally, the decryption key, d, is established by the 
relationship: 

40 

The message data, M is encrypted to dphertext C using 
the relationship of (3), above, i.e., 

C=/Wmod K 

45 

To decrypt the ciphertext. C. the relationship of (3), 
above, is used; 



50 

where n and d are those values identified above. 

Using the present invention involving three primes to 
develop the product n. RSA encryption and decryption time 
can be substantially less than an RSA scheme using two 
primes by dividing the encryption or decryption task into 55 
sub-tasks, one sub-task for each distina prime, (However, 
breaking the encryption or decryption into subtasks requires 
knowledge of the factors of n. This knowledge is not usually 
available to anyone except the owner of the key. so the 
encryption process can be accelerated only in special cases. 60 
such as enczyption for local storage. A system encrypting 
data for another user perfonns the encryption process 
according to (3). indcpcndcni of the number of factors of n. 
Decryption, on the other hand, is performed by the owner of 
a key. so the factors of n are generally known and can be 65 
used to accelerate the process.) For example, assume that 
three distinct primes, p^. p^,, and pj. are used to develop the 
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product n. Thus, decryption of the ciphertext, C, using the 
relationship 

A/==C^(nKxi n) 

^ is used to develop the decryption sub-tasks: 

10 

A/3=C3'**mod P3 

where 

Ci=Cmod 

15 

C2=Ciiiod P2, 
Cj=Cmod 
f/j=ifa)od Oi-i); 

20 

d2=dnxxi {p2~iy^ and 

The results of each sub-task, M^, M^. and M3 can be 
combined to produce the plaintext. M, by a number of 
techniques- However, it is found that they can most expe- 
ditiously be combined by a form of die Chinese Remainder 
Theorem (CRT) using, preferably, a recursive scheme. 
Generally, the plaintext M is obtained from the combination 
of the individual sub-tasks by the following relationship: 

where 



J<i 

40 

Encryption is performed in much the same manner as that 
used to obtain the plaintext M, provided (as noted above) the 
factors of n are available. Thus, the relationship 

C=mnx>d n\ 

can be broken down into the three sub-tasks. 

Cj^Af^'^od p2 

where 
55 Afi^Afdnod Pi\ 

M2=M(miod P2\ 

60 ^i=emod (pi-i), 

£2=<rmod {p2~l),^d 

65 In generalized form, the decrypted message M can be 
obtained by the same summation identified above to obtain 
the ciphertext C from its contiguous constituent sub-tasks C,. 
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Preferably, the recursive CRT method described above is 
used to obtain either the ciphertext. C. or the deciphered 
plaintext (message) M due to its speed. However, there may 
be occasioDS when it is beneficial to use a non-recursive 
technique in w^hich case the following relationships are used: 5 

k 

M~ 1 MiiiiJ^ mod pt)Ht mod n 
where 

Wt = ^ pj, and 

k is the number (3 or more) of distinct primes chosen to 15 
develop the product n. 

Thus, for example above (k=3). M is constructed from the 
returned sub-task values Mj. M2. M3 by the relationship 

imod ;?3) H^mod n 

where 

Enq)loying the multiple distinct prime number technique 25 
of the present invention in the RSA scheme can realize 
accelerated processing over that using only two primes for 
the same size n. The invention can be implemented on a 
single processor unit or even the architecture disclosed in the 
above-referenced U.S. Pat. No. 4405.829. The capability of 30 
developing sub-tasks for each prime number is particularly 
adapted to employing a parallel architecture such as that 
illustrated in FIG. 1. 

Turning to FIG. 1. there is illustrated a cryptosystem 
architecture apparatus capable of taking particular advan- 35 
tage of the present invention. The cryptosystem, designated 
with the reference numeral 10. is structured to form a part of 
a larger processing system (not shown) that would deliver to 
the cryptosystem 10 encryption and/or decryption requests, 
receiving in return the object of the request — an encrypted 40 
or decrypted value. The host would include a bus structure 
12. such as a peripheral component interface (PQ) bus for 
communicating with the cryptosystem 10. 

As FIG. 1 shows. The cryptoprocessor 10 includes a 
central processor unit (CPU) 14 that connects to the bus 45 
structure 12 by a bus interface 16, The CPU 14 comprises a 
processor element 20. a memory unit 22, and a data encryp- 
tion standard (DBS) unit 24 interconnected by a data/address 
bus 26. The DES unit 24. in turn, connects to an input/output 
(I/O) bus 30 (through appropriate driver/receiver circuits — 50 
not shown). 

The I/O bus 30 communicatively conneas the CPU to a 
number of exponentiator elements 32^. 32^. and 32^. Shown 
here are three exponentiator elements, although as illustrated 
by the ''other" exponentiators 32„- additional exponentiator 55 
elements can be added. Each exponentiator element is a state 
machine controlled arithmetic circuit structured specifically 
to implement the relationship described above. Thus, for 
example, the exponentiator 32^? would be provided the 
values M|. e^, and p. n to develop C^. Similarly, the 60 
exponentiator circuits 32b and 32c develop C^ and C3 from 
corresponding subiask values M2, e^. P^. M,. €3, and P3, 

Preferably, the CPU 14 is formed on a single integrated 
circuit for security' reasons. However, should there be a need 
for more storage space than can be provided by the "on- 65 
board" memory 22. the bus 30 may also connect the CPU 14 
to an external raeraon,' unit 34. 
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In order to ensure a secure environment, it is preferable 
thai the cryptosystem 10 meet the Federal Information 
Protection System (FIPS) level 3. Accordingly, the elements 
that make up the CPU 14 would be implemented in a design 
5 that will be secure from external probing of the circuit 
However, information communicated on the I/O bus 30 
between the CPU 14 and the exponentiator circuits 32 ( and 
external memory 34 — if present) is exposed. Consequently, 
to maintain the security of that information, it is first 
enay^ted by the DES unit 24 before it is placed on the I/O 
bus 30 by the CPU 14. The exponentiator circuits 32. as well 
as the external memor>' 34. will also include similar DES 
units to decrypt information received from the CPU. and 
later to encrypt information returned to the CPU 14. 

It may be that not all information communicated on the 
I/O bus 30 need be secure by DES enoy^ption. For that 
reason, the DES unit 24 of the CPU 14 is structured to 
encrypt outgoing information, and decrypt incoming 
information, on the basis of where in the address space used 
by the cryptosystem the information belongs: that is, since 
20 infonnation communicated on the I/O bus 30 is either a write 
operation by the CPU 14 to the memors^ 34. or a read 
operation of those elements, the addresses assigned to the 
secure addresses and non-secure addresses. Read or write 
operations conducted by the CPU 14 using secure addresses 
25 win pass through the DES unit 24 and that of the memory 
34. Read or write operations involving non-secure addresses 
win by-pass these DES units. 

FIG. 2 diagrammaticaUy illustrates a memory map 40 of 
the address space of the cryptosystem 10 that is addressable 
30 by the processor 20. As the memory map 40 shows, an 
address range 40 provides addresses for the memor\^ 22. and 
such other support drcuicry (e.g.. registers — not shown) that 
may form a part of the CPU 14. The addresses used to write 
information to. or read information from, the exponentiator 
35 elements 32 are in the address range 44 of the memory map 
40. The addresses for the external memory 34 are in the 
address ranges 46, and 48. The address ranges 44 and 46 are 
for secure read and write operations. Information that must 
be kept secure, such as instructions for implementing 
40 algorithms, encryption/decryption keys, and the like, if 
maintained in external memory 34, wiH be stored at loca- 
tions having addresses in the address range 46. Information 
that need not be secure such as miscellaneous algorithms 
data, general purpose instructions, etc. are kept in memory 
45 locations of the external memory 34 having addresses within 
the address range 48. 

The DES unit 24 is structured to recognize addresses in 
the memory spaces 44. 46, and to automatically encrypt the 
information before it is applied to the I/O bus 30. The DES 
50 unit 24 is bypassed when the processor 20 accesses 
addresses in the address range 48. Thus, when the processor 
20 initiates write operations to addresses within the memory 
space within the address range 46 (to the external memory 
34), the DES unit 24 will automatically encrypt the infor- 
55 mation (not the addresses) and place the encrypted infor- 
mation on the I/O bus 30. Conversely, when the processor 20 
reads information from the external memory 34 at addresses 
within the address range 46 of the external memor>' 34. the 
DES unit will decrypt information received from the I/O bus 
60 30 and place the decrypted information on the data/address 
bus 26 for the processor 20, 

In similar fashion, information conveyed to or retrieved 
from the exponentiators 32 by the processor 20 by write or 
read operations at addresses within the address range 44. 
65 Consequently, writes to the exponentiators 32 will use the 
DES unit 24 to encrypt the information. When that 
(encrypted) information is received by the exponentiators 
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32, it is decrypted by on-board DES units (of each expo- 
nentiator 32). The results of the task performed by the 
exponentiator 32 is then encrypted by the exponentiator^s 
on-board DES unit, retrieved by the processor 20 in 
encrypted form and then decrypted by the DES unit 24. 5 

Information that need not be maintained in secure fashion 
to be stored in the external memory 34. however, need only 
be written to addresses in the address range 48. The DES 
unit 24 recognizes writes to the address range 48. and 
bypasses the encryption circuitry, passing the information, in lo 
unencrypted form, onto the I/O bus 30 for storing in the 
external memory 34. Similarly, reads of the external 
memory 34 using addresses within the address range 48 are 
passed directly from the I/O bus 30 to the data/address bus 
26 by the DES unit 24. 15 

In operation, the CPU 14 will receive from the host it 
serves (not shown;, via the bus 12. an encryption request 
The encryption request will include the message data M to 
be encrypted and. perhaps, the encryption keys e and n (in 

the form of the primes p^, pj p^)- Alternatively, the keys 20 

may be kept by the CPU 14 in the memory 22. In any event, 
the processor 20 will construct the encryption sub^tasks Ci. 

Cj, for execution by the exponentiators 32. 

^Assume, for the purpose of the remainder of this 
discussion, that the encryption/decryption tasks performed 25 
by the oyptosysiem 10, using the present invention, 
employs only three distinct primes, p^, p2. P3. The processor 
20 will develop the sub tasks identified above, using M. e. 
Pi P2- P3 'Tl^^s. for example, if the exponentiator 32a were 
assigned the sub-task of developing C^. the processor would 30 
develop the values M^. e^. and (Pi-1) and deMver units 
(write) these values, with n, to the exponentiator 32a. 
Similar values will be developed by the processor 20 for the 
sub-tasks that will be delivered to the exponentiators 32^ 
and 32c. 35 

In turn, the exponentiators 32 develop the values Ci. C^. 
and C3 which are returned to (retrieved by) the CPU 14. The 
processor 20 will then combine the values C^. C:-. and C3 to 
form C. the ciphenext encryption of M. which is then 
returned to the host via the bus 12, 40 

The encryption, decryption techniques described 
hereinabove, and the use of the cryptosystem 10 (FIG. 1) can 
find use in a number of diverse environments. Illustrated in 
FIG, 3 is one such environment. FIG. 3 shows a host system 
50. including the bus 12 connected to a plurality of crypto- 45 

systems 10 (10a. lOb lOm) structured as illustrated in 

FIG- 1, and described above. In turn, the host system 50 
connects to a communication medium 60 which could be. 
for example, an internet connection that is also used by a 
number of communicating stations 64. For example, the host 5C 
system 50 may be employed by a financial institution 
running a web site accessible, through the communication 
medium, by the stations 64. Alternatively, the communica- 
tion medium may be implemented by a local area network 
(LAN) or other type network. Use of the invention described 55 
herein is not limited to the particular environment in which 
it is used, and the illustration in FIG. 3 is not meant to limit 
in any way how the invention can be used. 

As an example, the host system, as indicated, may receive 
encrypted communication from the stations 64. via the 60 
conmiunication medium 60. Typically, the dau of the com- 
munication will be encrypted using DES. and the DES key 
will be encrypted using a public key by the RSA scheme, 
preferably one that employs three or more distinct prime 
numbers for developing the public and private keys. 65 

Continuing, the DES encrypted communication, includ- 
ing the DES key encrypted with the RSA scheme, would be 
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received by the host system Before decrypting the DES 
coxnmunicatioQ, it must obtain the DES key and. 
accordingly, the host system 50 will issue, to one of the 
cryptosystenis 10 a decryption request instruction, contain- 
5 ing the encrypted DES key as the cyphertext C. If the 
(private) decryption keys, d, n (and its component primes. 

p^, P2 pjt) are not held by the cryptosystem 10, they also 

will be delivered with the encryption request instruction. 
In turn, the cryptosystem 10 would decrypt the received 

10 cyphertext in the manner described above (developing the 
sub-tasks, issuing the sub-tasks to the exponentiator 32 of 
the cryptosystem 10. and reassembling the results of the 
sub-task to develop the message daU: the DES key), and 
return to the host system the desired, decrypted information. 

15 Alternatively, the post-system 50 may desire to deliver, 
via the communication medium 60, an encrypted commu- 
nication to one of the stations 64. If the communication is to 
be encrypted by the DES scheme, with the DES key 
encrypted by the RSA scheme, the host system would 

20 encrypt the communication, forward the DES key to one of 
the cryptosystems 10 for encryption via the RSA scheme. 
When the encrypted DES key is received back from the 
cryptosystem 10. the host system can then deliver to one or 
more of the stations 64 the encrypted message. 

25 Of course, the host system 50 and the stations 64 wiU be 
using the RSA scheme of public key encryption/decryption. 
Encrypted communications from the stations 64 to the host 
system 50 require that tht stations 64 have access to the 
public key E (E. N) while the host system maintains the 

30 private key D (D, N. and the constituent primes, p^, p^ 

p^. Conversely, for secure communication from the host 
system 50 to one or more of the stations 64. the host system 
would retain a public key E' for each station 64, while the 
stations retain the corresponding private keys E'. 

35 Other techniques for encrypting the coxmnunication could 
used. For example, the conamunication could be entirely 
encrypted by the RSA scheme. If, however, the communi- 
cation greater than n-1, it will need to be broken up into 
blocks size M where 

40 

Each block M would be separately encrypted/decrypted, 
using the public key/private key RSA scheme according to 
that described above. 
45 What is claimed: 

1. A method for establishing cryptographic communica- 
tions comprising the step of: 

encoding a plaintext message word M to a ciphertext 
word signal C, where M corresponds to a number 
representative of a message and 

n being a composite number formed from the product 
55 of pi'pz'- • ■ 'Pk where k is an integer greater than 2. p^. 
p-j. . . . Pjt are distinct prime numbers, and where C is 
a number representative of an encoded form of message 
word M. wherein said encoding step comprises the step 
of: 

^ transforming said message word signal M to said cipher- 
text word signal C whereby 

C=Ar(mod n ) 

65 where e is a number relatively prime to (Pi-l)-(p2-i)- 

2. The method according to claim 1, comprising the 
further step of: 
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decoding the ciphertext word signal C to the message 
word signal M. wherein said decoding step comprises 
the step of: transforming said ciphertext word signal C, 
whereby: 

5 

where d is a multiplicative inverse of e(mod(lcm{(px- 

3. A method for transferring a message signal in a lO 
cominunications system having j terminals, wherein each 
terminal is characterized by an encoding key E^^e^. n,} and 

decoding key D=id,. nj. where i=l. 2 j. and wherein 

M, corresponds to a number representative of a message- 
to-be-transmitted from the i^^ terminal, n, is a composite 15 
number of the form 

where k is an integer greater than 2, 20 

p^ p^ p^jt are distinct prime numbers, 

e, is relatively prime to lcm(p, ^-1. Pi,2-1- Plm'^) 
selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

comprising the step of: 

encoding a digital message word signal for transmis- 
sion from a first terminal (i=A) to a second terminal 
(i=B). said encoding step including the sub- step of: 

transforming said message word signal to one or more 
message block word signals M^", each block word 
signal M^** corresponding to a number representative of 
a portion of said message word signal in the range 
O^M,^"^n^-L 

transforming each of said message block word signals 
M^" to a ciphertext word signal C^. corresponding 
to a number representative of an encoded form of said ^ 
message block word signal M^". whereby: 

4. A cryptographic communications system comprising: 
a communication medium: 

an encoding means coupled to said channel and adapted 
for transforming a transmit message word signal M to 
a ciphenext word signal C and for transmitting C on 
said channel, where M corresponds to a number rep- 5c 
resentative of a message and 

O^M^n-i where n is a composite number of the form 

^-Pi-pi • 'Pk 

55 

where k is an integer greater than 2 and P:, p^ Pjt 

distinct prime numbers, and where C corresponds to a 
number representative of an enciphered form of said mes- 
sage and corresponds to 

60 

where e is a number relatively prime to lcm(Pi-l. P2-I 

Pj-i): and 

a decoding means coupled to said channel and adapted for 65 
receiving C from said channel and for transforming C 
to a receive message word signal M* where M* corre- 
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sponds to a number representative of a deciphered form 
of C and corresponds to 

^ where d is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

eiuxDd(\cm((p-\), (P2~^\ ■ • . 

^0 5. A cryptographic communications system having a 
plurality of terminals coupled by a communications channel, 
including a first terminal characterized by an associated 
encoding key E^=(e^, n^) and decoding key D^Kd^. n^). 
wherein n^ is a composite number of the form 

15 

where k is an integer greater than 2. p^.i* Pv4.2 Pajc 

distinct prime numbers, e^ is relatively prime to 

d^ is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

^^(modGcm((p^,i-l). (p^jt-l) O^ijt-i)))). 

and including a second terminal, comprising: 
blocking means for transforming a message-to-be- 
transmitted from said second terminal to said first 
terminal to one or more transmit message word signals 
where corresponds to a number representative 
of said message in the range 

encoding means coupled to said channel and adapted for 
transforming each transmit message word signal to 
a ciphertext word signal and for transmitting on 
^ said channel. 

where corresponds to a number representative of an 
enciphered form of said message and coixe sponds to 

45 wherein said first terminal comprises: 

decoding means coupled to said channel and adapted for 
receiving said ciphertext word signals from said 
channel and for transforming each of said ciphertext 
word signals to a receive message word signal M^. and 
means for transforming said receive message word 
signals M' to said message, where M* is a number 
representative of a deciphered form of and corre- 
sponds to 

6. The system according to claim 5 wherein said second 
terminal is characterized by an associated encoding key 
E^(e^ n^) and decoding key DB=(D5. d^). where: 

60 

rig is z composite number of the form 

where k is an integer greater than 2. p^ _j. p^ ^ p^ j^ 

are distinct prime numbers, e^ is relatively prime to 



25 



30 
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is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

5 

wherein said first terminal comprises: 

blocking means for transforming a message-to-be- 
transmitted from said first terminal to said second 
terminal, to one or more transmit message word 
signals M^. where corresponds to a number lO 
representative of said message in the range 

encoding means coupled to said channel and adapted 
for transforming each transmit message word signal 
to a ciphertext word signal and for transmit- 
ting on said channel, 

where corresponds to a number representative of an 
enciphered form of said message and corresponds to 



wherein said second terminal comprises; 

decoding means coupled to said channel and adapted 
for receiving said ciphertext word signals from 
said channel and for transforming each of said 
ciphertext word signals to a receive message word 
signal M^'. and means for transforming said receive 
message word signals to said message, 
where M' corresponds to a number representative of a 
deciphered form of C and corresponds to 

7. A method for establishing cryptographic communica- 
tions comprising the step of: 

encoding a digital message word signal M to a cipher text 

word signal C. where M corresponds to a number 

representative of a message and 



where n is a composite number having at least 3 whole 

number factors greater than one. the factors being 

distinct prime numbers, and 
where C corresponds to a number representative of an 

encoded form of message word M, 
wherein said encoding step comprises the step of: 

transforming said message word signal M to said 50 
ciphertext word signal C whereby 

where e and a^. a^^ a^ are numbers. 55 

8. In the method according to claim 7 where said encoding 
step includes the step of transforming M to C by the 
performance of a first ordered succession of invertible 
operations on M. the further step of: 

decoding C to M by the performance of a second ordered 6C 
succession of invertible operations on C. where each of 
the invenible operations of said second succession is 
the inverse of a corresponding one of said first 
succession, and wherein the order of said operations in 
said second succession is reversed with respect to the 65 
order of corresponding operations in said first succes- 
sion. 
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9. A communication system for transferring message 
signals M^, comprising: 
j stations*, each of the j stations being characterized by an 
encoding key E~(t,. nj and decoding key D=(d,. nj . 
5 where i=12. . . . J. and wherein 

M, corresponds to a number representative of a mes- 
sage signal to be transmitted from the i'^ terminal, 
and 

n, is a composite number of the form 

where k is an integer greater than 2, 

pj ^. p. 2 p^j. are distinct prime numbers. 

e, is relatively prime to icm(p^- i-l.p, 

d, is selected from the group consisting of the class 
20 of numbers equivalent to a multiplicative inverse 

of 

«/mod(lcm((pu-l). (Pl2-^)^ • • - (Pa"!)))); 

25 a first one of the j terminals including 

means for encoding a digital message word signal 
for transmission from said first terminal 
(i=A) to a second one of the j terminals (i=B), 
and 

30 means for transforming said message word signal 

to a signed message word signal M^^ M^, 
corresponding to a number representative of an 
encoded form of said message word signal M^. 
whereby: 



35 



10. The system of claim 9 further comprising: 

means for transmitting said signal message word signal 
40 from said first terminal to said second terminal, 

and wherein said second terminal includes means for 
decoding said signed message word signal M^^ to said 
message word signal M^. said second terminal includ- 
ing: 

45 means for transforming said signed message word 
signal to said message word signal M^. 

whereby 

11. A commumcations system for transferring a message 
signal Mj, the communications system comprising 

j communication stations each characterized by an encod- 
ing key E,-(e,. nj and decoding key D=(d,. nj. where 

2 j, and wherein corresponds to a number 

representative of a message signal to be transmined 
from the i'^ terminal, n, is a conaposite number of the 
form 



55 



6C 



65 



where 

k is an integer greater than 2. 

p^j. are distinct prime numbers, 

e^ is relatively prime to icm{p^ j-l.p, Pt>~^^ 

d, is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 
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a first one of the j communication stations including 
means for encoding a digital message word signal 

for transmission from said first one of the j coromu- 5 
oication stations (i=A) to a second one of the j 
communication stations (i=B), 
means for transforming said message word signal 
to one or more message block word signals 
each block word signal M^* being a number repre- lO 
sentative of a portion of said message word signal 
M^' in the range O^M^^n^— 1. and 
means for transforming each of said message block 
word signals M^" to a ciphertext word signal C^, 
corresponding to a number representative of an 15 
encoded form of said message block word signal 
whereby: 

20 

12. The system of claim 11 further comprising: 

means for transmitting said ciphertext word signals from 
said first terminal to said second terminal, and 

wherein said second terminal includes means for decod- 
ing said ciphertext word signals to said message word 25 
signal MA. said second terminal including: 

means for transforming each of said ciphertext word 
signals to one of said message block 

word signals M^". whereby 
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means for transforming said message block word signals 
5 M^" to said message word signal M^. 

13. In a coxiununications system, including first and 
second communicating stations interconnected for commu- 
nication therebetween, 
the first communicating station having 
10 encoding means for transforming a transmit message 
word signal M to a ciphertext word signal C where 
M corresponds to a number representative of a 
message and 

15 O^M^n-l 

where n is a composite number having at least 3 whole 
number factors greater than one. the factors being 
distinct prime numbers, and 

where C corresponds to a number representative of an 
enciphered form of said message and corresponds to 

C^^/'-^^iAT'V. - . +i:o(mod n) 

25 where e and a^. a^-I ao are numbers: and 

means for transmitting the ciphertext word signal C 
to the second communicating station. 
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